OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

RE: Resource sets and resource string semantics

  • 1.  RE: Resource sets and resource string semantics

    Posted 05-11-2001 16:08
    Simon, 
    
    	I think we are on the same wavelength (I used the term HP since Joe
    and Nigel had advanced similar arguments).
    
    	In the case that the authorization needs to go down to the element
    level etc., I would see that as a matter for XPATH and XPOINTER (whatever).
    
    	In fact looking at some of the dot.net stuff the boundary between
    the document and contents can become blurred. One could specify an
    individual element within the document:
    
    http:\\...\document.html\Body\H1 (or some such)
    
    	Provided the issuer and relying party both agree on what the
    interpretation of the URI should be we get interoperability.
    
    	Equally if someone wanted to implement the RE based matching I
    described earlier there would be nothing to stop them, however I don't think
    we want to insist that every SAML application implement full RE matching.
    
    One way to support this is through the respond element:
    
    <Respond>Wildcard</Respond>
    
    <Respond>urn:47598q75987:Regular-Expressions</Respond>
    
    And so on...
    
    		Phill
    
    Phillip Hallam-Baker FBCS C.Eng.
    Principal Scientist
    VeriSign Inc.
    pbaker@verisign.com
    781 245 6996 x227
    
    
    >