MHonArc v2.5.2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: Re: [xacml] [CR] Schema change of AttributeSelector
Hi, Simon
You are right. Sequence should be from 0 to unbound and Prefix attribute
type should be 'xs:string'. The revised schema is:
<xs:complexType name="AttributeSelectorType">
<xs:element ref="xacml:XPathNamespace" minOccurs="0" maxOccurs
="unbounded"/>
<xs:choice>
<xs:attribute name="RequestContextPath" type="xs:anyURI" use
="optional"/>
<xs:attribute name="RequestContextId" type="xs:string" use="optional"/>
</xs:choice>
<xs:attribute name="DataType" type="xs:anyURI" use="optional"/>
<xs:attribute name="XPathVersion" type="xs:anyURI" use="optional" default
="http://www.w3.org/TR/1999/Rec-xpath-19991116"/>
</xs:complexType>
<xs:element name="XPathNamespace" type="xacml:XPathNamespaceType"
substitutionGroup="xacml:AbstractDefaults"/>
<xs:complexType name="XPathNamespaceType">
<xs:attribute name="NamespaceURI" type="xs:anyURI"/>
<xs:attribute name="Prefix" type="xs:string" use="optional"/>
</xs:complexType>
Scope of the XPathNamespace for AttributeSelector element:
1. AttributeSelector element that includes XPathNamespace element,
XPathNamespace elements in PolicyDefaults or PolicySetDefaults elements
that include the AttributeSelector element.
For the precedence,
1. XPathNamespace elements in AttributeSelector take precedence over
XPathNamespace elements in PolicyDefaults in Policy element..
2. XPathNamespace elements in PolicyDefaults in Policy take precedence over
XPathNamespace elements in PolicySetDefaults in PolicySet element..
3. If there are two or more identical prefixes are specified under an
AttributeSelector, a PolicyDefaults or a PolicySetDefaults elements, the
last prefix takes precedence over the previous prefixes.
Others:
1. Global xmlns attribute is not used for resolving namespace-prefix pair
specified in XPath expression.
2. If no XPathNamespace element is found in valid scope, it means no
namespace-prefix pair is defined.
3. If Prefix attribute is missing, it means that default namespace is
defined.
Best
Michiharu Kudo
IBM Tokyo Research Laboratory, Internet Technology
Tel. +81 (46) 215-4642 Fax +81 (46) 273-7428
Simon Godik
<simon@godik.com> To: XACML TC <xacml@lists.oasis-open.org>
cc:
2002/08/25 04:52 Subject: Re: [xacml] [CR] Schema change of AttributeSelector
Michiharu,
You are proposing an optional element for mapping namespace prefix to the
namespace-uri.
I think sequence in AttributeSelector should be from 0 to unbound, because
of different prefixes in
xpath expression.
Also Prefix attribute type in XPathNamespace should be 'string', not
'qname'.
I'm somewhat concerned about global 'xmlns' declarations and this element.
If we are going to adopt
XPathNamespace we must insure that there is no interference and if both of
them are present
which one takes precedence.
Simon