OASIS eXtensible Access Control Markup Language (XACML) TC

RE: [xacml] How do I require subject not to be a member of a give ngroup?

  • 1.  RE: [xacml] How do I require subject not to be a member of a give ngroup?

    Posted 08-22-2002 15:57
    >Question: Do we really want to make the "xacml:*-sequence" data types >equivalent with the sequences returned from XPATH or >AttributeDesignators? >-Polar My guess would be it will be absolutely redundant. We do not have anything but a sequence anyway - that what a query for an attribute will always return. All we need to cover this use case is the ability to define a sequence of primitive values as a literal function parameter. So you can write this example in the way (ommitting <Apply>) if (integer-equal 0 (string-length (string-intersection name ["Bob", "Steve"]))) That would say - any "name" attribute must not be "Bob" or "Steve" No need to make ["Bob", "Steve"] a new data type - this is the same type that <Designator> for "name" will return: ["Daniel"] for only once instance in the context.