OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

[xacml] Issues list and tentative resolutions of function model

  • 1.  [xacml] Issues list and tentative resolutions of function model

    Posted 09-17-2002 06:57
     MHonArc v2.5.2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Subject: [xacml] Issues list and tentative resolutions of function model


    The following are the issues list and tentative resolutions of the call on
    16. This is not a schema change request but I followed the format used by
    Anne. For the moment I put my name as an initiator of each issue. Please
    let me know any editorial, technical and general comments.
    
    
    0042. [Michiharu] XACML supports consistent specification between MatchId
    function and Apply function
        STATUS: APPROVED 9/16 (NQ)
    
    0043. [Michiharu] XACML supports unordered set that is called a "bag"
        STATUS: APPROVED 9/16 (NQ)
    
    0044. [Michiharu] XACML distinguishes singleton data from bag type
        STATUS: APPROVED 9/16 (NQ)
    
    0045. [Michiharu] XACML supports higher-order bag functions
        STATUS: APPROVED 9/16 (NQ)
    
    0046. [Michiharu] XACML supports operators for computing on bag types.
        STATUS: APPROVED 9/16 (NQ)
    
    ======================
    0042. [Michiharu] XACML supports consistent specification between MatchId
    function and Apply function
             http://lists.oasis-open.org/archives/xacml/200209/msg00098.html
    
    In ver 0.8 function draft, string comparison (set against a value) is
    differently specified in MatchId from Apply. Suppose attribute selector
    returns a sequence (e.g. "aaa" and "bbb"). In ResourceMatch,
    function:string-equal is used while in Apply, function:string-member-of
    is used:
    
    <ResourceMatch MatchId="function:string-equal">
       <AttributeSelector RequestContextPath="/a/b/c/text()">
       <AttributeValue>bbb</AttributeValue>
    </ResourceMatch>
    
    |<Apply FunctionId="function:string-member-of">
       <AttributeValue>bbb</AttributeValue>
       <AttributeSelector RequestContextPath="/a/b/c/text()">
    </Apply>
    
    We fix the above problem by using the higher-order bag function specified
    in 0.9 function draft:
    
    <ResourceMatch MatchId="function:string-equal">
      <AttributeDesignator AttributeId="role1"/>
      <AttributeValue>bbb</AttributeValue>
    </ResourceMatch>
    
    <Apply FunctionId="function:any-of-each">
      <Function FunctionId="function:string-equal"/>
      <AttributeDesignator AttributeId="role1"/>
      <AttributeValue>bbb</AttributeValue>
    </Apply>
    
    When we specify policy for MatchId, function:any-of-each is implicitly used
    for specifying the semantics of the comparison on bags.
    
    
    0043. [Michiharu] XACML supports unordered set that is called a "bag"
             http://lists.oasis-open.org/archives/xacml/200209/msg00098.html
    
    XACML supports an unordered set type and does not support a sequence
    type because there is few requirement that needs sequence dependent
    policy specification (e.g. sequence-equal function (or point-wise
    comparison)
    in XPath 2.0 draft is one of such requirement but TC members decided
    that is a lower priority).
    We rename it from "sequence (unordered set)" to "bag".
    
    
    0044. [Michiharu] XACML distinguishes singleton data from bag type.
             http://lists.oasis-open.org/archives/xacml/200209/msg00098.html
    
    XACML has two kinds of functions: a function that defines semantics on
    singleton data (e.g. function:string-equal), and a function that defines
    the
    semantics on  bags (e.g. function:any-of-each). This means that XACML
    distinguishes singleton data from bag type. We don't distinguish them by
    local name or its prefix. The specification lists function names as text.
    
    
    0045. [Michiharu] XACML supports higher-order bag functions
             http://lists.oasis-open.org/archives/xacml/200209/msg00098.html
    
    XACML supports higher-order bag functions as 0.9 draft describes.
    
    
    0046. [Michiharu] XACML supports operators for computing on bag types.
             http://lists.oasis-open.org/archives/xacml/200209/msg00098.html
    
    Comparison among bag types (e.g. any-of-each) is defined by higher-order
    bag functions as 0.9 draft describes.
    
    Best
    Michiharu Kudo
    
    IBM Tokyo Research Laboratory, Internet Technology
    Tel. +81 (46) 215-4642   Fax +81 (46) 273-7428
    
    
    
    
    


    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Powered by eList eXpress LLC