MHonArc v2.5.2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: Re: [xacml] Condition language
actually you can get around having to 'chase' external standards by
explicitly stating the version of XPATH (in this case) being used (which
is what we would do anyway i assume). that way we would adopt future
versions of XAPTH as they provide value to our cause and only then.
assuming that there is some level of backwards compatibility with the
external standards we choose to rely upon this should be practical to
implement.
b
Michiharu Kudoh wrote:
> I have a little different idea on the XACML condition language. The current
> specification aims at defining XACML local syntax and the semantics. I
> think it is one way to proceed. The other way would be to borrow the syntax
> and the semantics from other promising standards as much as possible. For
> example, the semantics of the string comparison is also defined in XPath
> 1.0 document. "/ContextPrincipals/ContextPrincipal/SimplePrincipal
> = 'Alice' '' compares the text node of the SimplePrincipal element in the
> XACML context and "Alice". It also supports AND, OR, NOT, element
> reference, arithmetic computation, and the type conversion. If we specify
> this "string expression" in the condition element as described below, the
> semantics of this expression is explicitly defined in XPath standard. The
> merit is that we don't have to worry about the syntax and the semantics of
> the expression evaluation in XACML. The downside would be when XPath 2.0
> becomes recommendation, we may have to update some part of our document.
> But I still think this is another practical way to specify the condition
> expression.
>
> <Conditions>
> <Condition expression
> ="/ContextPrincipals/ContextPrincipal/SimplePrincipal = 'Alice'">/
> </Conditions>
>
> Best regards,
> Michiharu Kudo
>
> IBM Tokyo Research Laboratory, Internet Technology
> Tel. +81 (46) 215-4642 Fax +81 (46) 273-7428
>
>
>
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Powered by eList eXpress LLC