I have the following action item: 0142: [Seth Proctor] bags and targets. Forwarded message from Seth Proctor. e-mail sent 17 Oct 2002 16:43:04 -0400 (EDT)
http://lists.oasis-open.org/archives/xacml/200210/msg00216.html ACTION ITEM: [Anne] Write up TENTATIVE RESOLUTION with details spelled out. STATUS: UNRESOLVED (10/28). See TENTATIVE RESOLUTION. TENTATIVE RESOLUTION: Create a new XML attribute on Designators and Selectors to indicate "Must be present". This new attribute is optional, and may be used in either Target or Condition. Behavior of indeterminate results in Target where AND or especially OR is being done (e.g. in multiple subjects where only one needs to match) needs to be spelled out, but it should follow behavior of current "and" and "or" functions. Here is my attempt at writing up the details: 1. In policy schema: Change <xs:complexType name="AttributeSelectorType"> <xs:attribute name="RequestContextPath" type="xs:string" use="required"/> <xs:attribute name="DataType" type="xs:anyURI" use="required"/> </xs:complexType> To: <xs:complexType name="AttributeSelectorType"> <xs:attribute name="RequestContextPath" type="xs:string" use="required"/> <xs:attribute name="DataType" type="xs:anyURI" use="required"/> <xs:attribute name="MustBePresent" type="xs:boolean" use="optional" default="false"/> </xs:complexType> 2. In policy schema, Change <xs:complexType name="AttributeDesignatorType"> <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/> <xs:attribute name="DataType" type="xs:anyURI" use="required"/> <xs:attribute name="Issuer" type="xs:anyURI" use="optional"/> </xs:complexType> To: <xs:complexType name="AttributeDesignatorType"> <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/> <xs:attribute name="DataType" type="xs:anyURI" use="required"/> <xs:attribute name="Issuer" type="xs:anyURI" use="optional"/> <xs:attribute name="MustBePresent" type="xs:boolean" use="optional" default="false"/> </xs:complexType> 3. Section 5.23 Complex type AttributeDesignatorType, append following to the very end of this section (after Issuer [Optional] description): MustBePresent [Optional] The MustBePresent attribute governs whether the AttributeDesignator element returns an empty bag or indeterminate in the case of finding no value for the named attribute in the request context. If the value can not be located and the MustBePresent attribute is set to false, then the AttributeDesignator element SHALL result in an empty bag. If the value can not be located and the MustBePresent attribute is set to true, then the AttributeDesignator element SHALL result in indeterminate. Regardless of the MustBePresent attribute, if it cannot be determined whether the attribute is present or not present in the request context, or if the value of the attribute is unavailable due to any error, then the AttributeDesignator element SHALL result in indeterminate. The default value for the MustBePresent attribute is false. 4. Section 5.29 Element <AttributeSelector>, append following to the very end of this section (after DataType [Required] description): The MustBePresent attribute governs whether the AttributeSelector element returns an empty bag or indeterminate in the case of finding no value for the named attribute in the request context. If the value can not be located and the MustBePresent attribute is set to false, then the AttributeSelector element SHALL result in an empty bag. If the value can not be located and the MustBePresent attribute is set to true, then the AttributeSelector element SHALL result in indeterminate. Regardless of the MustBePresent attribute, if it cannot be determined whether the attribute is present or not present in the request context, or if the value of the attribute is unavailable due to any error, then the AttributeSelector element SHALL result in indeterminate. The default value for the MustBePresent attribute is false. Are there any other places that need a change? Anne -- Anne H. Anderson Email:
Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692