xacml message
Subject: Re: [xacml] re: Attribute Selector example
Yes, my impression is, once you agree to using general-string-equal (or
something similar), I think every rule that specifies AttributeSelector or
xpath-expr function must deal with object data type (or something similar).
Based on this observation, I don't think my original rule example using
node-match function has unnecessary complexity. Anyway, I agree that the
following syntax as you suggested is more consistent with the current
schema than the syntax I first proposed.
  <ResourceMatch MatchId="function:node-match">
    <AttributeSelectorIndirect>
      <ResourceAttributeDesignator AttributeId="urn:...:resource:xpath"/>
    </AttributeSelectorIndirect>
    <AttributeSelector RequestContextPath="//md:record"/>
  </ResourceMatch>
I changed the name to AttributeSelectorIndirect because I want
AttributeSelector at the head. I would prefer the above syntax to the
syntax below because I don't like to have many XPath expression parsing
functions (i.e. node-match-1 etc.) other than xpath-expr.
  <ResourceMatch MatchId="function:node-match-1">
    <ResourceAttributeDesignator AttributeId="urn:...:xpath"
                                 DataType="xsi:string"/>
    <AttributeValue DataType="xsi:string">//md:record</AttributeValue>
  </ResourceMatch>
Michiharu
IBM Tokyo Research Laboratory, Internet Technology
Tel. +81 (46) 215-4642 Fax +81 (46) 273-7428
From: Simon Godik <simon@godik.com>
To: xacml@lists.oasis-open.org
cc:
Date: 2002/08/26 16:15
Subject: Re: [xacml] re: Attribute Selector example
Michiharu,
You are correct, xpath-expr return type is the same as attribute-selector,
which is a node-set. I was under the impression that we have this function
defined.
I'm not sure what to do with string-equal receiving output of
attribute-selector.
Maybe the right thing to do is to use the general-string-equal(object a, object b)
function that you proposed some time ago.
Simon