Subject: Proposal for XACML 2.0 Work Item #62: "concatenate" functions
Proposal for XACML 2.0 Work Item #62: "concatenate" functions
Contents
========
Problem statement
Solution overview
Proposed Functions
Problem statement
=================
One use case supplied by Daniel and described as "very common"
follows:
Policies may apply to resources whose identities are
subject-specific instances of a given resource class. For
example, each subject may have a unique home directory, but each
subject will have a subdirectory named "private" in that home
directory. The policy writer wants to allow subjects to access
only their own "private" sub-directories.
Solution overview
=================
The proposed solution provides functions for concatenating
AttributeValue values. As an example of using such a function, a
policy might construct the resource to be protected by taking a
PEP-supplied Subject Attribute for the "home directory" value
with "/private". Even more generally, the policy might construct
the directory path to be protected from the user's subject-id by
concatenating "/home/", the subject-id, and "/private".
Note that concatenation is not meaningful for all XACML data
types. The two functions proposed below have clear applications
and should be included in XACML 2.0. There may be other
concatenation functions that should be defined in the future.
Proposed Functions
==================
A. urn:oasis:names:tc:xacml:2.0:function:string-concatenate
This function SHALL take two or more arguments of data-type
"http://www.w3.org/2001/XMLSchema#string" and SHALL return a
"http://www.w3.org/2001/XMLSchema#string". The result SHALL be
the concatenation, in order, of the arguments.
B. urn:oasis:names:tc:xacml:2.0:function:url-string-concatenate
This function SHALL take one argument of data-type
"http://www.w3.org/2001/XMLSchema#anyURI" and one or more
arguments of type "http://www.w3.org/2001/XMLSchema#string", and
SHALL return a "http://www.w3.org/2001/XMLSchema#anyURI". The
result SHALL be the URI constructed by appending, in order, the
"string" arguments to the "anyURI" argument.
Anne
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692
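
The two proposed functions applied to the home-directory use case, as an added Python example that is not part of the original message. The Python names, the AnyURI stand-in, the sample values and the single-segment check on subject-id are assumptions of this example.

```python
# Added illustration of the two proposed functions; Python names are hypothetical.

class AnyURI(str):
    """Stand-in for an xs:anyURI value (xs:string is modelled as plain str)."""

def string_concatenate(*args):
    # Two or more xs:string arguments; result is their concatenation, in order.
    if len(args) < 2:
        raise ValueError("string-concatenate takes two or more arguments")
    if any(not isinstance(a, str) or isinstance(a, AnyURI) for a in args):
        raise TypeError("string-concatenate arguments must be xs:string")
    return "".join(args)

def url_string_concatenate(uri, *strings):
    # One xs:anyURI, then one or more xs:string; result is an xs:anyURI.
    if not isinstance(uri, AnyURI):
        raise TypeError("first argument must be xs:anyURI")
    if not strings:
        raise ValueError("url-string-concatenate takes one or more strings")
    if any(not isinstance(s, str) or isinstance(s, AnyURI) for s in strings):
        raise TypeError("appended arguments must be xs:string")
    return AnyURI(str(uri) + "".join(strings))

def is_single_path_segment(value):
    # Assumption added for this example, not part of the proposal: a subject-id
    # used as a directory name must not be empty, ".", "..", or contain "/",
    # otherwise the constructed path could name another subject's directory.
    return value not in ("", ".", "..") and "/" not in value

def may_access_private_dir(subject_id, resource_id):
    # The use case from the problem statement: a subject may access only
    # "/home/" + subject-id + "/private".
    if not is_single_path_segment(subject_id):
        return False
    protected = string_concatenate("/home/", subject_id, "/private")
    return resource_id == protected

if __name__ == "__main__":
    # Constructed sample requests: (subject-id, resource-id).
    for subject, resource in [
        ("alice", "/home/alice/private"),
        ("alice", "/home/bob/private"),
        ("alice/../bob", "/home/alice/../bob/private"),
    ]:
        print(subject, resource, may_access_private_dir(subject, resource))
    print(url_string_concatenate(AnyURI("http://files.example.com/home/"),
                                 "alice", "/private"))
```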