MHonArc v2.5.0b2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: problem with status detail
[apologies in advance if someone has already caught this...I know there
are discussions about status, but I haven't seen this issue discussed yet]
In 6.15 there is an explination for what detail to include with the
missing-attribute status code: Attributes specify one or more missing
values, and if an AttributeValue is included, then this specifies an
acceptable value. If no AttributeValue is included, then the PDP is
specifying the identifier and datatype only. Sounds good.
The problem is that at some point the Attribute type was changed from
<xs:element ref="xacml-context:AttributeValue" minOccurs="0"/>
to
<xs:element ref="xacml-context:AttributeValue"/>
This means that it's no longer valid to have an Attribute with no
AttributeValue. So, I don't think it's possible for the PDP to specify a
missing attribute without specifying at least one acceptable value (note
that even an empty AttributeValue tag, which is still legal, is still
technically a value). Do others agree? If so, I think this is a problem.
PDPs need a way to specify missing attributes without providing
acceptable values.
Thoughts? The easiest way to fix this is to allow AttributeValue to be
optional, but I suspect that may not be acceptable. The other option is
to create a new element to specify just the meta-data.
seth
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]