MHonArc v2.5.2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: Re: [xacml] [Polar] PH09: New section 7.4.2 Attributes
On Mon, Nov 04, 2002 at 09:39:22AM -0800, Simon Godik wrote:
> use type-one-and-only function:
>
> apply string-equal
> apply string-one-and-only
> subj-attr-desig attrid string-uri issuer must-be-present
> attr-val string-uri hello
And are you ok with the performance/size overhead this incurs? Nearly every
function in the spec is defined to take single values, which means that
nearly every AD/AS used in a policy will need this wrapping. Also, this means
that a function will never know about an empty bag and be able to treat it
differently than an error case, since *-one-and-only is defined to return
Indeterminate if no values are found. When I originally rasised that issue, the
TC was adamant that functions should have the ability to differentiate
between an error case and an empty bag.
A second, though much smaller problem, is that it effectively requires coders
who create new attribute types to create a *-one-and-only function for each
attribute type they invent if they want this behavior. Why not just have
language in the spec that lets a PDP do this implicitly, and save on size,
computation time, complexity, and flexibilty?
seth
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Powered by eList eXpress LLC