xacml message
Subject: RE: [xacml] bags and targets. Forwarded message from Seth Proctor
Anne,
If we like what I did with the *IsPresent text, it might be best to align
the *Designator and Selector text with that. I guess what I am getting at
is that the operational semantics of MustBePresent are specified in the
main paragraphs, while the "attribute" descriptions merely explain briefly
what they are and how they are specified.
-Polar
On Tue, 29 Oct 2002, Anne Anderson wrote:
> I have the following action item:
>
> 0142: [Seth Proctor] bags and targets. Forwarded message from Seth Proctor.
> e-mail sent 17 Oct 2002 16:43:04 -0400 (EDT)
> http://lists.oasis-open.org/archives/xacml/200210/msg00216.html
>
> ACTION ITEM: [Anne] Write up TENTATIVE RESOLUTION with details spelled out.
>
> STATUS: UNRESOLVED (10/28). See TENTATIVE RESOLUTION.
>
> TENTATIVE RESOLUTION: Create a new XML attribute on Designators
> and Selectors to indicate "Must be present". This new
> attribute is optional, and may be used in either Target or
> Condition. Behavior of indeterminate results in Target where
> AND or especially OR is being done (e.g. in multiple subjects
> where only one needs to match) needs to be spelled out, but it
> should follow behavior of current "and" and "or" functions.
>
> Here is my attempt at writing up the details:
>
> 1. In policy schema: Change
> <xs:complexType name="AttributeSelectorType">
> <xs:attribute name="RequestContextPath" type="xs:string" use="required"/>
> <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
> </xs:complexType>
> To:
> <xs:complexType name="AttributeSelectorType">
> <xs:attribute name="RequestContextPath" type="xs:string" use="required"/>
> <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
> <xs:attribute name="MustBePresent" type="xs:boolean" use="optional"
> default="false"/>
> </xs:complexType>
>
> 2. In policy schema, Change
> <xs:complexType name="AttributeDesignatorType">
> <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
> <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
> <xs:attribute name="Issuer" type="xs:anyURI" use="optional"/>
> </xs:complexType>
> To:
> <xs:complexType name="AttributeDesignatorType">
> <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
> <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
> <xs:attribute name="Issuer" type="xs:anyURI" use="optional"/>
> <xs:attribute name="MustBePresent" type="xs:boolean" use="optional"
> default="false"/>
> </xs:complexType>
>
> 3. Section 5.23 Complex type AttributeDesignatorType, append
> following to the very end of this section (after Issuer
> [Optional] description):
>
> MustBePresent [Optional]
>
> The MustBePresent attribute governs whether the
> AttributeDesignator element returns an empty bag or
> indeterminate in the case of finding no value for the named
> attribute in the request context. If the value can not be
> located and the MustBePresent attribute is set to false,
> then the AttributeDesignator element SHALL result in an
> empty bag. If the value can not be located and the
> MustBePresent attribute is set to true, then the
> AttributeDesignator element SHALL result in indeterminate.
> Regardless of the MustBePresent attribute, if it cannot be
> determined whether the attribute is present or not present
> in the request context, or if the value of the attribute is
> unavailable due to any error, then the AttributeDesignator
> element SHALL result in indeterminate.
>
> The default value for the MustBePresent attribute is false.
>
> 4. Section 5.29 Element <AttributeSelector>, append following to
> the very end of this section (after DataType [Required]
> description):
>
> The MustBePresent attribute governs whether the
> AttributeSelector element returns an empty bag or
> indeterminate in the case of finding no value for the named
> attribute in the request context. If the value can not be
> located and the MustBePresent attribute is set to false,
> then the AttributeSelector element SHALL result in an empty
> bag. If the value can not be located and the MustBePresent
> attribute is set to true, then the AttributeSelector
> element SHALL result in indeterminate. Regardless of the
> MustBePresent attribute, if it cannot be determined whether
> the attribute is present or not present in the request
> context, or if the value of the attribute is unavailable
> due to any error, then the AttributeSelector element SHALL
> result in indeterminate.
>
> The default value for the MustBePresent attribute is false.
>
> Are there any other places that need a change?
>
> Anne
> --
> Anne H. Anderson Email: Anne.Anderson@Sun.COM
> Sun Microsystems Laboratories
> 1 Network Drive,UBUR02-311 Tel: 781/442-0928
> Burlington, MA 01803-0902 USA Fax: 781/442-1692
>
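The MustBePresent semantics proposed in the quoted message, as an added Python example (not part of either e-mail or of the XACML specification text). The attribute ids, `LookupFailure`, the sample request and the left-to-right ordering in `match_any` are assumptions of this example; the thread itself leaves the AND/OR behaviour in a Target still to be spelled out.

```python
from enum import Enum

class Result(Enum):
    MATCH = "Match"
    NO_MATCH = "NoMatch"
    INDETERMINATE = "Indeterminate"

class LookupFailure(Exception):
    """Hypothetical error: presence or value of the attribute cannot be determined."""

STRING = "http://www.w3.org/2001/XMLSchema#string"
# Constructed request context: (AttributeId, DataType) -> values present in the request.
REQUEST = {("urn:example:role", STRING): ["auditor"]}

def context_lookup(attribute_id, data_type):
    if attribute_id == "urn:example:unreachable":    # constructed failure case
        raise LookupFailure(attribute_id)
    return REQUEST.get((attribute_id, data_type), [])

def resolve_designator(attribute_id, data_type, must_be_present=False,
                       lookup=context_lookup):
    """Return a bag (list) of values, or Result.INDETERMINATE, per the proposed wording."""
    try:
        bag = list(lookup(attribute_id, data_type))
    except LookupFailure:
        return Result.INDETERMINATE   # any error, regardless of MustBePresent
    if not bag and must_be_present:
        return Result.INDETERMINATE   # not located and MustBePresent="true"
    return bag                        # values found, or empty bag when "false"

def match(bag, expected):
    """Target-style match of one designator result against a literal value."""
    if bag is Result.INDETERMINATE:
        return Result.INDETERMINATE
    return Result.MATCH if expected in bag else Result.NO_MATCH

def match_any(results):
    """Assumed OR over several matches: left to right, the first Match or
    Indeterminate decides; NoMatch only if every result is NoMatch."""
    for r in results:
        if r is not Result.NO_MATCH:
            return r
    return Result.NO_MATCH
```

With the default `MustBePresent="false"`, a missing attribute is indistinguishable from a value that simply does not match, so a policy author who needs the absence surfaced has to set the attribute to true.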