OASIS eXtensible Access Control Markup Language (XACML) TC

RE: [xacml] bags and targets. Forwarded message from Seth Proctor

  • 1.  RE: [xacml] bags and targets. Forwarded message from Seth Proctor

    Posted 10-29-2002 16:30
     MHonArc v2.5.2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Subject: RE: [xacml] bags and targets. Forwarded message from Seth Proctor


    
    Anne,
    
    If we like what I did with the *IsPresent text, it might be best to align
    the *Designator and Selector text with that. I guess what I am getting at
    is that the operational semantics of MustBePresent are specified in the
    main paragraphs, while the "attribute" descriptions merely explain breifly
    what they are and how they are specified.
    
    -Polar
    
    
     On Tue, 29 Oct 2002, Anne Anderson wrote:
    
    > I have the following action item:
    >
    > 0142: [Seth Proctor] bags and targets. Forwarded message from Seth Proctor.
    >   e-mail sent 17 Oct 2002 16:43:04 -0400 (EDT)
    >   http://lists.oasis-open.org/archives/xacml/200210/msg00216.html
    >
    >   ACTION ITEM: [Anne] Write up TENTATIVE RESOLUTION with details spelled out.
    >
    >   STATUS: UNRESOLVED (10/28).  See TENTATIVE RESOLUTION.
    >
    >   TENTATIVE RESOLUTION: Create a new XML attribute on Designators
    >   and Selectors to indicate "Must be present".  This new
    >   attribute is optional, and may be used in either Target or
    >   Condition.  Behavior of indeterminate results in Target where
    >   AND or especially OR is being done (e.g. in multiple subjects
    >   where only one needs to match) needs to be spelled out, but it
    >   should follow behavior of current "and" and "or" functions.
    >
    > Here is my attempt at writing up the details:
    >
    > 1. In policy schema: Change
    > 	<xs:complexType name="AttributeSelectorType">
    > 		<xs:attribute name="RequestContextPath" type="xs:string" use="required"/>
    > 		<xs:attribute name="DataType" type="xs:anyURI" use="required"/>
    > 	</xs:complexType>
    >    To:
    > 	<xs:complexType name="AttributeSelectorType">
    > 		<xs:attribute name="RequestContextPath" type="xs:string" use="required"/>
    > 		<xs:attribute name="DataType" type="xs:anyURI" use="required"/>
    >         <xs:attribute name="MustBePresent" type="xs:boolean" use="optional"
    >                                                              default="false"/>
    > 	</xs:complexType>
    >
    > 2. In policy schema, Change
    > 	<xs:complexType name="AttributeDesignatorType">
    > 		<xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
    > 		<xs:attribute name="DataType" type="xs:anyURI" use="required"/>
    > 		<xs:attribute name="Issuer" type="xs:anyURI" use="optional"/>
    > 	</xs:complexType>
    >    To:
    > 	<xs:complexType name="AttributeDesignatorType">
    > 		<xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
    > 		<xs:attribute name="DataType" type="xs:anyURI" use="required"/>
    > 		<xs:attribute name="Issuer" type="xs:anyURI" use="optional"/>
    >         <xs:attribute name="MustBePresent" type="xs:boolean" use="optional"
    >                                                              default="false"/>
    > 	</xs:complexType>
    >
    > 3. Section 5.23 Complex type AttributeDesignatorType, append
    >    following to the very end of this section (after Issuer
    >    [Optional] description):
    >
    >    MustBePresent [Optional]
    >
    >       The MustBePresent attribute governs whether the
    >       AttributeDesignator element returns an empty bag or
    >       indeterminate in the case of finding no value for the named
    >       attribute in the request context.  If the value can not be
    >       located and the MustBePresent attribute is set to false,
    >       then the AttributeDesignator element SHALL result in an
    >       empty bag.  If the value can not be located and the
    >       MustBePresent attribute is set to true, then the
    >       AttributeDesignator element SHALL result in indeterminate.
    >       Regardless of the MustBePresent attribute, if it cannot be
    >       determined whether the attribute is present or not present
    >       in the request context, or if the value of the attribute is
    >       unavailable due to any error, then the AttributeDesignator
    >       element SHALL result in indeterminate.
    >
    >       The default value for the MustBePresent attribute is false.
    >
    > 4. Section 5.29 Element <AttributeSelector>, append following to
    >    the very end of this section (after DataType [Required]
    >    description):
    >
    >       The MustBePresent attribute governs whether the
    >       AttributeSelector element returns an empty bag or
    >       indeterminate in the case of finding no value for the named
    >       attribute in the request context.  If the value can not be
    >       located and the MustBePresent attribute is set to false,
    >       then the AttributeSelector element SHALL result in an empty
    >       bag.  If the value can not be located and the MustBePresent
    >       attribute is set to true, then the AttributeSelector
    >       element SHALL result in indeterminate.  Regardless of the
    >       MustBePresent attribute, if it cannot be determined whether
    >       the attribute is present or not present in the request
    >       context, or if the value of the attribute is unavailable
    >       due to any error, then the AttributeSelector element SHALL
    >       result in indeterminate.
    >
    >       The default value for the MustBePresent attribute is false.
    >
    > Are there any other places that need a change?
    >
    > Anne
    > --
    > Anne H. Anderson             Email: Anne.Anderson@Sun.COM
    > Sun Microsystems Laboratories
    > 1 Network Drive,UBUR02-311     Tel: 781/442-0928
    > Burlington, MA 01803-0902 USA  Fax: 781/442-1692
    >
    >
    > ----------------------------------------------------------------
    > To subscribe or unsubscribe from this elist use the subscription
    > manager: <http://lists.oasis-open.org/ob/adm.pl>
    >
    
    


    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Powered by eList eXpress LLC