MHonArc v2.5.2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: RE: [xacml] bags and targets. Forwarded message from Seth Proctor
If we like what I did with the *IsPresent text, it might be best to align
the *Designator and Selector text with that. I guess what I am getting at
is that the operational semantics of MustBePresent are specified in the
main paragraphs, while the "attribute" descriptions merely explain breifly
what they are and how they are specified.
On Tue, 29 Oct 2002, Anne Anderson wrote:
> I have the following action item:
> 0142: [Seth Proctor] bags and targets. Forwarded message from Seth Proctor.
> e-mail sent 17 Oct 2002 16:43:04 -0400 (EDT)
> ACTION ITEM: [Anne] Write up TENTATIVE RESOLUTION with details spelled out.
> TENTATIVE RESOLUTION: Create a new XML attribute on Designators
> and Selectors to indicate "Must be present". This new
> attribute is optional, and may be used in either Target or
> Condition. Behavior of indeterminate results in Target where
> AND or especially OR is being done (e.g. in multiple subjects
> where only one needs to match) needs to be spelled out, but it
> should follow behavior of current "and" and "or" functions.
> Here is my attempt at writing up the details:
> 1. In policy schema: Change
> <xs:complexType name="AttributeSelectorType">
> <xs:attribute name="RequestContextPath" type="xs:string" use="required"/>
> <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
> </xs:complexType>
> To:
> <xs:complexType name="AttributeSelectorType">
> <xs:attribute name="RequestContextPath" type="xs:string" use="required"/>
> <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
> <xs:attribute name="MustBePresent" type="xs:boolean" use="optional"
> default="false"/>
> </xs:complexType>
> 2. In policy schema, Change
> <xs:complexType name="AttributeDesignatorType">
> <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
> <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
> <xs:attribute name="Issuer" type="xs:anyURI" use="optional"/>
> </xs:complexType>
> To:
> <xs:complexType name="AttributeDesignatorType">
> <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
> <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
> <xs:attribute name="Issuer" type="xs:anyURI" use="optional"/>
> <xs:attribute name="MustBePresent" type="xs:boolean" use="optional"
> default="false"/>
> </xs:complexType>
> 3. Section 5.23 Complex type AttributeDesignatorType, append
> following to the very end of this section (after Issuer
> [Optional] description):
> MustBePresent [Optional]
> The MustBePresent attribute governs whether the
> AttributeDesignator element returns an empty bag or
> indeterminate in the case of finding no value for the named
> attribute in the request context. If the value can not be
> located and the MustBePresent attribute is set to false,
> then the AttributeDesignator element SHALL result in an
> empty bag. If the value can not be located and the
> MustBePresent attribute is set to true, then the
> AttributeDesignator element SHALL result in indeterminate.
> Regardless of the MustBePresent attribute, if it cannot be
> determined whether the attribute is present or not present
> in the request context, or if the value of the attribute is
> unavailable due to any error, then the AttributeDesignator
> element SHALL result in indeterminate.
> The default value for the MustBePresent attribute is false.
> 4. Section 5.29 Element <AttributeSelector>, append following to
> the very end of this section (after DataType [Required]
> description):
> The MustBePresent attribute governs whether the
> AttributeSelector element returns an empty bag or
> indeterminate in the case of finding no value for the named
> attribute in the request context. If the value can not be
> located and the MustBePresent attribute is set to false,
> then the AttributeSelector element SHALL result in an empty
> bag. If the value can not be located and the MustBePresent
> attribute is set to true, then the AttributeSelector
> element SHALL result in indeterminate. Regardless of the
> MustBePresent attribute, if it cannot be determined whether
> the attribute is present or not present in the request
> context, or if the value of the attribute is unavailable
> due to any error, then the AttributeSelector element SHALL
> result in indeterminate.
> The default value for the MustBePresent attribute is false.
> Are there any other places that need a change?
> Anne
> --
> Anne H. Anderson Email: Anne.Anderson@Sun.COM
> Sun Microsystems Laboratories
> 1 Network Drive,UBUR02-311 Tel: 781/442-0928
> Burlington, MA 01803-0902 USA Fax: 781/442-1692
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <>
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
[Date Index]
| [Thread Index]
| [Elist Home]
Powered by eList eXpress LLC