OASIS eXtensible Access Control Markup Language (XACML) TC

Re: [xacml] [Polar] PH09: New section 7.4.2 Attributes

  • 1.  Re: [xacml] [Polar] PH09: New section 7.4.2 Attributes

    Posted 11-04-2002 13:28
     MHonArc v2.5.2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Subject: Re: [xacml] [Polar] PH09: New section 7.4.2 Attributes


    On Mon, 4 Nov 2002, Seth Proctor wrote:
    
    >
    > While working on our implementation, I noticed the problem of AD/AS types
    > always returning bags but almost all standard functions requiring single base
    > types (and therefore rejecting bags as input). I suggested that one way to
    > solve this was to treat a bag with a single item the same as that single item
    > on its own. Text was proposed for this change. There was no discussion on the
    > list, but the updated change list from Thursday afternoon suggests that this
    > change suggestion was rejected, with no explination except "Use anyOf."
    
    > Since "Use anyOf" doesn't apply to my change request, and since there is no
    > other explination for why this was rejected or how I'm supposed to treat
    > this problem, I am asking my question again: how are functions that expect
    > single values supposed to deal with the bags that are required to be returned
    > from AD/AS types?
    
    Seth,
    
    You use "anyof" in this way.
    
    <Apply FunctionId="function:AnyOf">
        <Function FunctionId="function:string-equal">
        <AttributeValue Datatype="....#string">Hello World</AttributeValue>
        <AttributeDesignator ....../>
    </Apply>
    
    This structure explictly states that if indeed the AttributeDesignator
    returns more than one value, it is your *explicit intent* that the
    boolean is true for any of the returned values.
    
    Cheers,
    -Polar
    
    
    > I will once again suggest that text be added that makes
    > it clear that bags with one element are treated the same as just that one
    > element on its own. I will also point out that trying to solve this problem
    > by wrapping AD/AS types in functions that select single values from bags will
    > result in much larger (and more copmlex) policies, and will increase processing
    > time dramatically, since all standard functions will require this wrapping.
    > Making the simple change I have suggested will prevent both of these problems.
    
    > seth
    >
    > ----------------------------------------------------------------
    > To subscribe or unsubscribe from this elist use the subscription
    > manager: <http://lists.oasis-open.org/ob/adm.pl>
    >
    
    


    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Powered by eList eXpress LLC