OASIS eXtensible Access Control Markup Language (XACML) TC

[xacml] CR 144: function "present" needs to be fixed.

  • 1.  [xacml] CR 144: function "present" needs to be fixed.

    Posted 10-22-2002 12:28
     MHonArc v2.5.2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Subject: [xacml] CR 144: function "present" needs to be fixed.


    
    The function "present" as we discussed yesterday in spec 18d is vague in
    whether it returns "false" or raises an "indeterminate" if the attribute
    is not present.
    
    This needs to be cleared up, and we might address some of Simon's concerns
    of which he alluded to yesterday on "indeterminate" for an attribute that
    is not present. I don't like that, but I'm not against it. So, how about
    two functions?
    
    Since we now requiring DataType to be present in both the attribute of the
    context and in the attribute designator of the policy, such that the look
    up for the attribute is comprised of both the id and data type, we need to
    address this lookup requirement in the function "present". It needs to be
    fixed anyway.
    
    I suggest that we have two functions, summary:
    
    is-present
        returns true if the attribute is there, and false if not.
    
    must-be-present
        returns true if the attribute is there, and raises
    indeterminate if not. (The PDP can easily carry a "missing-attribute"
    status from this, if it wanted).
    
    
    So, I suggest replacing the last bullet and paragraph in Section A14.5
    Logical Functions, (i.e. "present") with the following:
    
    
    o is-present
    
    This function SHALL take two arguments. The first argument SHALL be an
    attribute value of type "xs:anyURI" as used in the "AttributeId"  XML
    attribute of an <AttributeDesignator> element. The second argument SHALL
    be an attribute value of type "xs:string" containing the identity of the
    data type as used in the "DataType" XML attribute of the
    <AttributeDesignator> element. This expression SHALL result in "true" if
    the named attribute can be located in the request context, which means
    that an <AttributeDesignator> or <AttributeSelector> element for this
    named attribute will return a bag consisting of at least one element. If
    no value can be found for the attribute in the request context, then this
    expression SHALL result in "false", which means that an
    <AttributeDesignator> or <AttributeSelector> element for this named
    attribute will return an empty bag. If it cannot be determined whether the
    attribute is present or not present in the request context, or its value
    is unavailable, the expression SHALL result in "indeterminate".
    
    o must-be-present
    
    This function SHALL take two arguments. The first argument SHALL be an
    attribute value of type "xs:anyURI" as used in the "AttributeId"  XML
    attribute of an <AttributeDesignator> element. The second argument SHALL
    be an attribute value of type "xs:string" containing the identity of the
    data type as used in the "DataType" XML attribute of the
    <AttributeDesignator> element. This expression SHALL result in "true" if
    the named attribute can be located in the request context, which means
    that an <AttributeDesignator> or <AttributeSelector> element for this
    named attribute will return a bag consisting of at least one element. If
    no value can be found for the attribute in the request context, which
    means that an <AttributeDesignator> or <AttributeSelector> element for
    this named attribute will return an empty bag, this expression SHALL
    result in "indeterminate". If it cannot be determined whether the
    attribute is present or not present in the request context, or its value
    is unavailable, the expression SHALL result in "indeterminate".
    
    
    


    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Powered by eList eXpress LLC