OASIS eXtensible Access Control Markup Language (XACML) TC

[xacml] 0092: [Polar] PH09: New section 7.4.2 Attributes

  • 1.  [xacml] 0092: [Polar] PH09: New section 7.4.2 Attributes

    Posted 10-29-2002 15:56
    ---------Forwarded from Seth Proctor (with mods by Anne)-------- TEXT LOCATION: Attribute Retrieval (new per #92) TEXT CHANGE: Replace Attribute Retrieval The PDP SHALL retrieve the values of attributes that match the particular attribute designator or attribute selector and form them into a bag of values with the specified DataType. If no attributes from the request context match, the attribute shall be considered missing, and an empty bag is said to be retrieved. with: Attribute Retrieval The PDP SHALL retrieve the values of attributes that match the particular attribute designator or attribute selector and form them into a bag of values with the specified DataType. A bag containing one value is treated as semantically equivalent to a single value of the specified bag type. If no attributes from the request context match, the attribute shall be considered missing, and an empty bag is said to be retrieved. DISCUSSION: Given the original text quoted above, an AD/AS will always return a bag, which is always an error to most of the standard functions, unless a bag with only one element is considered to be the same as a single instance of just the element inside the bag. The text change clarifies this.