OASIS eXtensible Access Control Markup Language (XACML) TC

[xacml] Subject attribute designator semantics.

  • 1.  [xacml] Subject attribute designator semantics.

    Posted 08-04-2002 22:45
     MHonArc v2.5.2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Subject: [xacml] Subject attribute designator semantics.


    I think that SubjectAttributeDesignator semantics is not as clear as I thought it would be.
    One problem (as Ann pointed out) is that there is more than one way to define subject filter in the target.
     
    Here are 2 proposals to rectify this problem.
    16f: in 16f I made SubjectAttributeDesignator the same as ResourceAttributeDesignator etc.
    This SubjectAttributeDesignator may appear in the Target element under SubjectMatch.
     
    I renamed current SubjectAttributeDesignator into SelectiveSubjectAttributeDesignator. This element
    may appear under Apply element. I called it Selective because it maps to semantics: point to the subject
    attribute where the value of another attribute is specified with subject-match.
     
    16g: in 16g I defined MatchType type and AttributeDesignator element of AttributeDesignator type.
    (this is what we had before f2f). SubjectAttributeDesignator is the same as it is in 16e.
     
    Both of this fixes clarify intended semantics and accomplish the same thing.
     
    Simon
     

    Attachment: draft-xacml-schema-policy-16f.xsd
    Description: text/xml

    Attachment: draft-xacml-schema-policy-16g.xsd
    Description: text/xml



    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Powered by eList eXpress LLC