OASIS eXtensible Access Control Markup Language (XACML) TC

[xacml] Action items on change request

  • 1.  [xacml] Action items on change request

    Posted 09-12-2002 07:49


    Subject: [xacml] Action items on change request


    [0026] Add XPath functions as non-mandatory
    I want to postpone this change request update until we reach an agreement
    on a function model.
    
    
    [0031] Type of XPathVersion element from string=>anyURI
    I would like to change my original change request and propose a change
    request [0039]. If [0039] is accepted, [0031] disappears. Then Simon's
    concern is solved.
    
    
    [0032] Schema change of AttributeSelector
    I revise my change request. With the change request 0031, a schema change
    request becomes:
    
    ======== start of [0032] ========
    I propose to change the AttributeSelector element. The reason for this
    change is described in a separate mail titled "[xacml] AttributeSelector
    example".
    
    <xs:complexType name="AttributeSelectorType">
      <xs:attribute name="RequestContextPath" type="xs:anyURI" use="required"/>
      <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
      <xs:attribute name="XPathVersion" type="xs:anyURI" use="optional"
        default="http://www.w3.org/TR/1999/Rec-xpath-19991116"/>
    </xs:complexType>
    
    ==>
    
    <xs:complexType name="AttributeSelectorType">
      <xs:element ref="xacml:XPathNamespace" minOccurs="0"
        maxOccurs="unbounded"/>
      <xs:attribute name="RequestContextPath" type="xs:anyURI" use="optional"/>
      <xs:attribute name="DataType" type="xs:anyURI" use="optional"/>
    </xs:complexType>
    
    <xs:element name="XPathNamespace" type="xacml:XPathNamespaceType"
    substitutionGroup="xacml:AbstractDefaults"/>
    <xs:complexType name="XPathNamespaceType">
      <xs:attribute name="NamespaceURI" type="xs:anyURI"/>
      <xs:attribute name="Prefix" type="xs:string" use="optional"/>
    </xs:complexType>
    
    Scope of the XPathNamespace for AttributeSelector element:
    1. AttributeSelector element that includes XPathNamespace element,
    XPathNamespace elements in PolicyDefaults or PolicySetDefaults elements
    that include the AttributeSelector element.
    
    For the precedence,
    1. XPathNamespace elements in AttributeSelector take precedence over
    XPathNamespace elements in PolicyDefaults in Policy element.
    2. XPathNamespace elements in PolicyDefaults in Policy take precedence over
    XPathNamespace elements in PolicySetDefaults in PolicySet element.
    3. If two or more identical prefixes are specified under an
    AttributeSelector, a PolicyDefaults or a PolicySetDefaults element, the
    last prefix takes precedence over the previous prefixes.
    
    Others:
    1. Global xmlns attribute is not used for resolving namespace-prefix pair
    specified in XPath expression.
    2. If no XPathNamespace element is found in valid scope, it means no
    namespace-prefix pair is defined.
    3. If Prefix attribute is missing, it means that default namespace is
    defined.
    
    Text change request
    In Section 5.3, Element <PolicySetDefaults>, line 1487-1489,
    
    <AbstractDefaults>[Any Number]
    
    This is the head of the substitution group to specify default parameters.
    The element in this substitution group defined at this time is the
    <XPathNamespace> element.
    ======= end of [0032] ========
    
    [0035] AttributeSelectorIndirect
    I want to postpone this change request update until we reach an agreement
    on a function model.
    
    
    [0039]
    Proposal:
    I request to remove "XPathVersion" attribute from AttributeSelector
    element. This change removes theThe reason is that we already allow a
    default value of XPathVersion in Policy and PolicySet elements. Since the
    minimum unit of the policy rules is the Policy element, I think it is
    sufficient to specify XPath version information at a policy level, not at
    each AttributeSelector level. A policy writer who uses AttributeSelector must
    specify the XPath version in PolicyDefaults or PolicySetDefaults element.
    The value of XPath 1.0 version is
    "http://www.w3.org/TR/1999/Rec-xpath-19991116".
    
    
    Michiharu Kudo
    
    IBM Tokyo Research Laboratory, Internet Technology
    Tel. +81 (46) 215-4642   Fax +81 (46) 273-7428
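
Added example, not part of the original message or of the XACML specification: a Python sketch of the prefix resolution proposed in [0032] (selector over PolicyDefaults over PolicySetDefaults, last duplicate wins, global xmlns ignored, missing Prefix means default namespace). The sample policy, the request context and every urn:example URI are constructed, and walking ancestors innermost-first is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy; every URI and prefix is a made-up value.
POLICY = ET.fromstring("""
<PolicySet xmlns:md="urn:example:global-ignored">
  <PolicySetDefaults>
    <XPathNamespace Prefix="md" NamespaceURI="urn:example:set"/>
    <XPathNamespace Prefix="ctx" NamespaceURI="urn:example:context"/>
  </PolicySetDefaults>
  <Policy>
    <PolicyDefaults>
      <XPathNamespace Prefix="md" NamespaceURI="urn:example:policy-old"/>
      <XPathNamespace Prefix="md" NamespaceURI="urn:example:policy"/>
    </PolicyDefaults>
    <AttributeSelector RequestContextPath=".//md:record"/>
    <AttributeSelector RequestContextPath=".//md:record">
      <XPathNamespace Prefix="md" NamespaceURI="urn:example:selector"/>
      <XPathNamespace NamespaceURI="urn:example:default"/>
    </AttributeSelector>
  </Policy>
</PolicySet>""")

# Constructed request context with the same local name in two namespaces.
REQUEST = ET.fromstring("""
<Request xmlns:p="urn:example:policy" xmlns:s="urn:example:selector">
  <p:record>policy-ns</p:record><s:record>selector-ns</s:record>
</Request>""")

def namespace_map(root, selector):
    """Prefix -> URI map for one AttributeSelector, per the [0032] rules."""
    parent = {child: par for par in root.iter() for child in par}
    scopes, node = [selector], selector          # innermost scope first
    while node in parent:
        node = parent[node]
        for name in ("PolicyDefaults", "PolicySetDefaults"):
            scopes.extend(node.findall(name))
    mapping = {}
    for scope in reversed(scopes):               # lowest precedence first
        for ns in scope.findall("XPathNamespace"):   # later duplicate wins
            mapping[ns.get("Prefix", "")] = ns.get("NamespaceURI")
    return mapping                               # "" key = default namespace

def select(root, selector, request):
    """Evaluate the selector's path using only the scoped XPathNamespace map."""
    path = selector.get("RequestContextPath")
    return [e.text for e in request.findall(path, namespace_map(root, selector))]

SELECTORS = list(POLICY.iter("AttributeSelector"))
```

The two selectors carry the same path string but resolve `md` differently, so they select different request nodes; a policy reviewer has to read the enclosing defaults to know which attribute a selector actually reads.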
    
    
    
    
    

