OASIS eXtensible Access Control Markup Language (XACML) TC

Re: [xacml] AttributeSelector example

  • 1.  Re: [xacml] AttributeSelector example

    Posted 08-24-2002 20:20
     MHonArc v2.5.2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Subject: Re: [xacml] AttributeSelector example


    Michiharu,
    I'm a little confused by this example.
    
    Expression (A) has 2 attribute-selector children of the <resource-match>
    element.
    Current schema allows to match attribute-selector with attribute-value.
    Do you think this is something we have to change?
    
    I'm not sure why you need attribute-selector with request-context-id
    attribute.
    Attribute-designator should be used for that.
    
    Even if you have attribute-selector with request-context-id attribute it is
    not clear
    which attribute you are refering to. It just so happens that attribute
    identifier has 'resource'
    in it, but it is not the general rule.
    
    I think what you call node-match function used to be called node-equal
    function before.
    In section 3 example node-match is not explained, but I had following in
    mind:
    node-match(xpath-req, xpath-rule), meaning that if xpath-req node is in
    xpath-rule node-set than there is a match.
    
    Simon