OASIS eXtensible Access Control Markup Language (XACML) TC

Re: [xacml] [CR] Schema change of AttributeSelector

  • 1.  Re: [xacml] [CR] Schema change of AttributeSelector

    Posted 08-24-2002 19:29
     MHonArc v2.5.2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Subject: Re: [xacml] [CR] Schema change of AttributeSelector


    
    Hi, Simon
    
    You are right. Sequence should be from 0 to unbound and Prefix attribute
    type should be 'xs:string'. The revised schema is:
    
    <xs:complexType name="AttributeSelectorType">
      <xs:element ref="xacml:XPathNamespace" minOccurs="0" maxOccurs
    ="unbounded"/>
      <xs:choice>
        <xs:attribute name="RequestContextPath" type="xs:anyURI" use
    ="optional"/>
        <xs:attribute name="RequestContextId" type="xs:string" use="optional"/>
      </xs:choice>
      <xs:attribute name="DataType" type="xs:anyURI" use="optional"/>
      <xs:attribute name="XPathVersion" type="xs:anyURI" use="optional" default
    ="http://www.w3.org/TR/1999/Rec-xpath-19991116"/>
    </xs:complexType>
    
    <xs:element name="XPathNamespace" type="xacml:XPathNamespaceType"
    substitutionGroup="xacml:AbstractDefaults"/>
    <xs:complexType name="XPathNamespaceType">
      <xs:attribute name="NamespaceURI" type="xs:anyURI"/>
      <xs:attribute name="Prefix" type="xs:string" use="optional"/>
    </xs:complexType>
    
    Scope of the XPathNamespace for AttributeSelector element:
    1. AttributeSelector element that includes XPathNamespace element,
    XPathNamespace elements in PolicyDefaults or PolicySetDefaults elements
    that include the AttributeSelector element.
    
    For the precedence,
    1. XPathNamespace elements in AttributeSelector take precedence over
    XPathNamespace elements in PolicyDefaults in Policy element..
    2. XPathNamespace elements in PolicyDefaults in Policy take precedence over
    XPathNamespace elements in PolicySetDefaults in PolicySet element..
    3. If there are two or more identical prefixes are specified under an
    AttributeSelector, a PolicyDefaults or a PolicySetDefaults elements, the
    last prefix takes precedence over the previous prefixes.
    
    Others:
    1. Global xmlns attribute is not used for resolving namespace-prefix pair
    specified in XPath expression.
    2. If no XPathNamespace element is found in valid scope, it means no
    namespace-prefix pair is defined.
    3. If Prefix attribute is missing, it means that default namespace is
    defined.
    
    Best
    Michiharu Kudo
    
    IBM Tokyo Research Laboratory, Internet Technology
    Tel. +81 (46) 215-4642   Fax +81 (46) 273-7428
    
    
    
    
                                                                                                                                                        
                          Simon Godik                                                                                                                   
                          <simon@godik.com>        To:       XACML TC <xacml@lists.oasis-open.org>                                                      
                                                   cc:                                                                                                  
                          2002/08/25 04:52         Subject:  Re: [xacml] [CR] Schema change of AttributeSelector                                        
                                                                                                                                                        
                                                                                                                                                        
                                                                                                                                                        
    
    
    
    Michiharu,
    You are proposing an optional element for mapping namespace prefix to the
    namespace-uri.
    I think sequence in AttributeSelector should be from 0 to unbound, because
    of different prefixes in
    xpath expression.
    Also Prefix attribute type in XPathNamespace should be 'string', not
    'qname'.
    
    I'm somewhat concerned about global 'xmlns' declarations and this element.
    If we are going to adopt
    XPathNamespace we must insure that there is no interference and if both of
    them are present
    which one takes precedence.
    
    Simon