MHonArc v2.5.2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: Re: [xacml] AttributeSelector example
Michiharu,
I'm a little confused by this example.
Expression (A) has 2 attribute-selector children of the <resource-match>
element.
Current schema allows to match attribute-selector with attribute-value.
Do you think this is something we have to change?
I'm not sure why you need attribute-selector with request-context-id
attribute.
Attribute-designator should be used for that.
Even if you have attribute-selector with request-context-id attribute it is
not clear
which attribute you are refering to. It just so happens that attribute
identifier has 'resource'
in it, but it is not the general rule.
I think what you call node-match function used to be called node-equal
function before.
In section 3 example node-match is not explained, but I had following in
mind:
node-match(xpath-req, xpath-rule), meaning that if xpath-req node is in
xpath-rule node-set than there is a match.
Simon