OASIS eXtensible Access Control Markup Language (XACML) TC


Proposal for XACML 2.0 Work Item #62: "concatenate" functions

    Posted 04-12-2004 18:11

    Proposal for XACML 2.0 Work Item #62: "concatenate" functions
    
    Contents
    ========
    Problem statement
    Solution overview
    Proposed Functions
    
    Problem statement
    =================
    
    One use case supplied by Daniel and described as "very common"
    follows:
    
    Policies may apply to resources whose identities are
    subject-specific instances of a given resource class.  For
    example, each subject may have a unique home directory, but each
    subject will have a subdirectory named "private" in that home
    directory.  The policy writer wants to allow subjects to access
    only their own "private" sub-directories.
    
    Solution overview
    =================
    
    The proposed solution provides functions for concatenating
    AttributeValue values.  As an example of using such a function, a
    policy might construct the resource to be protected by taking a
    PEP-supplied Subject Attribute for the "home directory" value and
    concatenating it with "/private".  Even more generally, the policy
    might construct
    the directory path to be protected from the user's subject-id by
    concatenating "/home/", the subject-id, and "/private".
    
    Note that concatenation is not meaningful for all XACML data
    types.  The two functions proposed below have clear applications
    and should be included in XACML 2.0.  There may be other
    concatenation functions that should be defined in the future.
    
    Proposed Functions
    ==================
    
    A. urn:oasis:names:tc:xacml:2.0:function:string-concatenate
    
    This function SHALL take two or more arguments of data-type
    "http://www.w3.org/2001/XMLSchema#string" and SHALL return a
    "http://www.w3.org/2001/XMLSchema#string".  The result SHALL be
    the concatenation, in order, of the arguments.
    
    B. urn:oasis:names:tc:xacml:2.0:function:url-string-concatenate
    
    This function SHALL take one argument of data-type
    "http://www.w3.org/2001/XMLSchema#anyURI" and one or more
    arguments of type "http://www.w3.org/2001/XMLSchema#string", and
    SHALL return a "http://www.w3.org/2001/XMLSchema#anyURI".  The
    result SHALL be the URI constructed by appending, in order, the
    "string" arguments to the "anyURI" argument.
    
    Anne
    -- 
    Anne H. Anderson             Email: Anne.Anderson@Sun.COM
    Sun Microsystems Laboratories
    1 Network Drive,UBUR02-311     Tel: 781/442-0928
    Burlington, MA 01803-0902 USA  Fax: 781/442-1692
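
The following Python model is an added illustration, not part of the proposal or of any PDP implementation: it encodes the arity and data-type rules of the two proposed functions and applies string-concatenate to the "/home/" + subject-id + "/private" use case. The names `AttributeValue`, `Indeterminate` and `own_private_dir` are assumptions made for the example, as is reporting a rule violation as an error.

```python
from dataclasses import dataclass

XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
XS_ANYURI = "http://www.w3.org/2001/XMLSchema#anyURI"


class Indeterminate(Exception):
    """Assumption: arity or data-type violations surface as an evaluation error."""


@dataclass(frozen=True)
class AttributeValue:
    """Hypothetical minimal typed value: a data-type URI plus its lexical form."""
    data_type: str
    value: str


def _check(args, min_count, first_type):
    # Enforce "two or more" / "one anyURI and one or more strings".
    if len(args) < min_count:
        raise Indeterminate(f"expected at least {min_count} arguments")
    expected = [first_type] + [XS_STRING] * (len(args) - 1)
    for position, (arg, data_type) in enumerate(zip(args, expected)):
        if arg.data_type != data_type:
            raise Indeterminate(f"argument {position} is not {data_type}")


def string_concatenate(*args):
    """Model of function A: strings in, string out, joined in argument order."""
    _check(args, 2, XS_STRING)
    return AttributeValue(XS_STRING, "".join(a.value for a in args))


def url_string_concatenate(*args):
    """Model of function B: the strings are appended in order to the anyURI."""
    _check(args, 2, XS_ANYURI)
    return AttributeValue(XS_ANYURI, "".join(a.value for a in args))


def own_private_dir(subject_id, resource_id):
    """Use case from the problem statement: permit only the subject's own
    "/home/<subject-id>/private" by exact comparison with the built value."""
    expected = string_concatenate(
        AttributeValue(XS_STRING, "/home/"),
        subject_id,
        AttributeValue(XS_STRING, "/private"),
    )
    return expected == resource_id
```

Because the comparison is an exact match on the constructed string, a resource identifier that differs lexically from the expected path does not match, even if a file system would resolve both to the same directory.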
    
    

