OASIS eXtensible Access Control Markup Language (XACML) TC

  • 1.  Re: [xacml] subjects

    Posted 11-05-2002 20:13
    Polar, I am having trouble parsing the second paragraph Section 5.3 Complex type CategorizedSubjectAttributeDesignatorType (ref: http://lists.oasis-open.org/archives/xacml/200211/msg00066.html ), even apart from the typos :-) I have reworded it according to my understanding. Is my rewording true to the intended semantics? (not necessarily better, just correct) ORIGINAL: A "subject" is represented by a <Subject> element of the <Subjects> element the <xacml-context:Request> element. A "categorized subject" a "subject" that contains a particular "subject category attribute". A "subject attribute" is an attribute located in a particular "subject". A "named subject attribute" is a "named attribute" for a "subject". A "subject category attribute" is the "subject attribute" that matches "named subject attribute" with the AttributeId of urn:...:subject-category and the DataType of urn:...#string. A "named categorized subject attribute" is a "named subject attribute" for a particular "categorized subject". REWORDING: A principal, or "subject", involved in making an XACML Request is represented by a <Subject> element of the <Subjects> element of the <xacml-context:Request> element. Each <Subject> element must contain one and only one attribute with AttributeId of urn:...:subject-category. This is called its "subject category attribute". The DataType of this attribute MUST be urn:...#string. No two <Subject> elements may have "subject category attributes" that have the same value. A "categorized subject" is a "subject" along with its particular "subject category attribute" value. A "subject attribute" is an attribute located in a particular <Subject> element. A "named subject attribute" is a "subject attribute" along with its AttributeId value. "subject". A "named categorized subject attribute" is a "named subject attribute" for a particular "categorized subject". Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692