Title: Next F2F meeting... Regards ernesto Prof. Ernesto Damiani Dipartimento di Tecnologie dell'Informazione Universita' di Milano - Polo di Crema Via Bramante 65 26013 Crema, Italia tel +39-0373-898240 fax +39-0373-898253 PArticipants: anne, simon, norman, ernesto, konstantin Simon illustrates his proposal about attribute designator syntax that was sent to the list. No big change to the schema is required. The main points of the proposals are 1. Different declarations for attribute designators differentiating it in subject attribute designator, resource attribute designator, etc. This would already delimit the scope, as each of these designators will implicitly point to different portions of request context. 2. A single attribute-designator element equipped with an additional '@kind' attribute with values (subject resource other). 3. A 'selector' element that will use arbitrary xpath expression to point into the context. Anne comments that single subject is a oversimplification, and it must be clarified how the proposal deals with multiple subjects, Simon explains that the main problem with multiple and complex subject is that we have not decided a syntax for the holder yet. Anne proposed to allow a XPath as a value of the holder. It is agreed to consider points 1 and 3 of Simon proposal for a formal approval next concall. Meanwhile comments are welcome. Simon and Ernesto added that we should not overdo it with XPaths. We should at least recommend that only the child axis is used. Also type conversion should be used with care it may introduce unexpected results. A clear, non-ambiguous explanation of the kind of XPath that we allow in XACML policies should be added to the specs. Also controlling the overload of the equal operator and defining its behavior is crucial, since one or both sides of a comparison can now be XPaths into the XACML context. How can we control the outcome? It is necessary to check implicit type conversions between XPaths and literals etc. Simon observes that being able to designate attributes of multiple subjects does not address the fundamental problem with the concept of multiple subjects, namely, what is the relationship between them ? E.g., how can we express subject equivalence?