OASIS eXtensible Access Control Markup Language (XACML) TC

[xacml] Name for match element inSubjectQualifier/SubjectAttributeDesignatorWhere

  • 1.  [xacml] Name for match element inSubjectQualifier/SubjectAttributeDesignatorWhere

    Posted 10-30-2002 20:30
    ------- forwarded for Seth Proctor----------- This is a followup to my last email on Match types in the SubjectQualifier ([xacml] Problem in SubjectQualifier/SubjectAttributeDesignatorWhere). If I'm right, and that structure needs to change, I would like to request that it not have the same name as the other match objects (ie, it should not be called something that looks like SubjectMatchType). While it is similar in structure to the other match types, the "match" elements used in the qualifer are symantically an entirely different thing, and should therefore be logically separated by using a different name, and should not be covered by the same explanitory text in the spec. This has confused me all morning, while I've been trying to figure out how to re-use my existing matching code for the SubjectQualifier...I finally figured out that my matching code is completely different than what goes in the qualifier, and that's why I was confused. Reading the spec, the suggestion is that the matching in the qualifier is the same as the matching in the targets, which is simply not the case. I would suggest the following to help clarify things: <xs:complexType name="SubjectQualifierType"> <xs:complexContent> <xs:extension base="xacml:AttributeDesignatorType"> <xs:sequence> <xs:element ref="xacml:Qualifier minOccurs="0" maxOccurs="unbounded/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <!-- this fixes the naming problem & the problem raised in my last mail --> <xs:element name="Qualifier" type="QualifierType"/> <xs:complexType name="QualifierType"> <xs:sequence> <xs:choice> <xs:element ref="xacml:AttributeDesignator"/> <xs:element ref="xacml:AttributeSelector"/> </xs:choice> <xs:element ref="xacml:AttributeValue"/> </xs:sequence> <!-- is this currently QName or anyURI? --> <xs:attribute name="MatchId" type="xs:anyURI" use="required"/> </xs:complexType> If this makes sense, I will propose language today to include in the spec to accompany these types.