OASIS eXtensible Access Control Markup Language (XACML) TC

  • 1.  [xacml] Present Elements

    Posted 10-28-2002 15:53
     MHonArc v2.5.2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Subject: [xacml] Present Elements


    
    Everybody,
    
    Given that I am writing up sections for the following elements:
    
    SubjectAttributeIsPresent
    SubjectAttributeIsPresentWhere
    ResourceAttributeIsPresent
    ActionAttributeIsPresent
    EnvironmentAttributeIsPresent
    SelectedAttributeIsPresent
    
    These elements will basically extend the AttributeDesignatorType and will
    have meanings as booleans.
    
    So, these structures return a value of type "xs:boolean". The question is
    do we include the "mustBePresent" attribute of which Simon is presently
    placing in the AttributeDesignatorType. It may be useful to some (I
    wouldn't use it), but it could be.
    
    Let's say we have the following:
    
    <ActionAttributeIsPresent AttributeId="urn:....:action-id"/>
    
    would return TRUE if the attribute is present, and would return FALSE if
    it were not. There could be operational errors that may cause it to return
    Indeterminate, but presence is not one of them.
    
    Now let's say for discussion, what if we have:
    
    <ActionAttributeIsPresent
          AttributeId="urn:....:action-id"
          MustBePresent="true"/A>
    
    I would suggest that this structure return TRUE if the attribute is not
    there, and raise and Indeterminate, if not.
    
    It's not that I would use it, but I'm just thinking of completeness here.
    Being that
    
    <ActionAttributeDesignator
         AttributeId="urn:...:action-id"/>
    
    may return values or an empty bag, and
    
    <ActionAttributeDesignator
         AttributeId="urn:...:action-id"
         MustBePresent="true"/>
    
    may return values or Indeterminate.  (I guess it will return an empty bag
    if it is present and has no value?)
    
    What do people think?
    
    -Polar
    
    
    


    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Powered by eList eXpress LLC