OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

[xacml] TENTATIVE RESOLUTION: Use QName for DataType,URI for everything else.

  • 1.  [xacml] TENTATIVE RESOLUTION: Use QName for DataType,URI for everything else.

    Posted 10-25-2002 02:33
     MHonArc v2.5.2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Subject: [xacml] TENTATIVE RESOLUTION: Use QName for DataType,URI for everything else.


    So the tentative resolution says that we should write a condition
    by using URI rather than QName to specify function identifiers.
    Please correct me if I'm wrong.
    
    A VALID example (URI is used)
    
    <xacml:Condition
      xmlns:xacml="urn:oasis:names:tc:xacml:1.0:policy"
      FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
      <xacml:Apply
        FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-less-than">
        <xacml:Apply
          FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-add">
          <xacml:ActionAttributeDesignator AttributeId="AmountReqd" DataType
    ="xs:integer"/>
          <xacml:SubjectAttributeDesignator AttributeId="Balance" DataType
    ="xs:integer"/>
        </xacml:Apply>
        <xacml:SubjectAttributeDesignator AttributeId="CreditCardLimt" DataType
    ="xs:integer"/>
      </xacml:Apply>
      <xacml:Apply
        FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
        <xacml:Function
          FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
        <xacml:SubjectAttributeDesignator AttributeId="MemberStatus" DataType
    ="xs:string"/>
        <xacml:EnvironmentAttributeDesignator AttributeId="PremiumCustomer"
    DataType="xs:string"/>
      </xacml:Apply>
    </xacml:Condition>
    
    An INVALID example (QName is used and "xacml-function" is a namespace
    prefix)
    
    <xacml:Condition
      xmlns:xacml="urn:oasis:names:tc:xacml:1.0:policy"
      xmlns:xacml-function="urn:oasis:names:tc:xacml:1.0:function"
      FunctionId="xacml-function:or">
      <xacml:Apply
        FunctionId="xacml-function:integer-less-than">
        <xacml:Apply
          FunctionId="xacml-function:integer-add">
          <xacml:ActionAttributeDesignator AttributeId="AmountReqd" DataType
    ="xs:integer"/>
          <xacml:SubjectAttributeDesignator AttributeId="Balance" DataType
    ="xs:integer"/>
        </xacml:Apply>
        <xacml:SubjectAttributeDesignator AttributeId="CreditCardLimt" DataType
    ="xs:integer"/>
      </xacml:Apply>
      <xacml:Apply
        FunctionId="xacml-function:any-of">
        <xacml:Function
          FunctionId="xacml-function:string-equal"/>
        <xacml:SubjectAttributeDesignator AttributeId="MemberStatus" DataType
    ="xs:string"/>
        <xacml:EnvironmentAttributeDesignator AttributeId="PremiumCustomer"
    DataType="xs:string"/>
      </xacml:Apply>
    </xacml:Condition>
    
    Satoshi Hada
    IBM Tokyo Research Laboratory
    mailto:satoshih@jp.ibm.com
    
    
    


    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Powered by eList eXpress LLC