OASIS eXtensible Access Control Markup Language (XACML) TC

Polar, I disagree. In my opinion, the type checking for arguments to functions should be done at the time the function is evaluated, not at the time the policy is parsed. Since we have not specified the type-correctness of XACML functions using XML, the type correctness must be checked after the policy is parsed by the XML parser. It could be done as a second, XACML-specific parsing step, but I believe it is probably cleaner to have the type checking done at the time the function is evaluated. This may make it easier to deal with plug-in custom functions. Anne Anderson On 3 December, Polar Humenn writes: Re: [xacml-comment] D024 > From: Polar Humenn <polar@syr.edu> > To: Anne Anderson <Anne.Anderson@sun.com> > Subject: Re: [xacml-comment] D024 > Date: Tue, 3 Dec 2002 10:51:40 -0500 (EST) > > > D024 > > The condition that John is referring to in > > urn:oasis:names:tc:xacml:1.0:conformance-test:IID024:policy3 > > in test D024 is not type correct and therefore is not a valid policy, and > therefore not a valid policy set. Although it might niavely parse through > the policy-schema, it should not even be evaluated, because it is not type > correct. > > Cheers, > -Polar > > On Tue, 3 Dec 2002, Anne Anderson wrote: > > > John Merrells, > > > > As in D002, this Condition was intended to produce an > > Indeterminate result (by passing the wrong argument type to the > > function) in order to test the requirements of the > > "first-applicable" algorithm, which says that a Permit or Deny > > result will be returned even if an Indeterminate result follows. > > > > Please let me know if I am overlooking something. > > > > Anne Anderson > > > > On 26 November, John Merrells writes: [xacml-comment] D024 > > > From: John Merrells <merrells@jiffysoftware.com> > > > To: "'xacml-comment@lists.oasis-open.org'" <xacml-comment@lists.oasis-open.org> > > > Subject: [xacml-comment] D024 > > > Date: Tue, 26 Nov 2002 17:36:20 -0800 > > > > > > > > > Same as D002... > > > > > > <Condition > > > FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> > > > <SubjectAttributeDesignator > > > > > > AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" > > > DataType=" http://www.w3.org/2001/XMLSchema#string"/ > > > > <AttributeValue > > > > > > DataType=" http://www.w3.org/2001/XMLSchema#string" ;>Zaphod > > > Beedlebrox</AttributeValue> > > > </Condition> > > > > > > > > > > > > ---------------------------------------------------------------- > > > To subscribe or unsubscribe from this elist use the subscription > > > manager: < http://lists.oasis-open.org/ob/adm.pl > > > > > > > > -- > > Anne H. Anderson Email: Anne.Anderson@Sun.COM > > Sun Microsystems Laboratories > > 1 Network Drive,UBUR02-311 Tel: 781/442-0928 > > Burlington, MA 01803-0902 USA Fax: 781/442-1692 > > > > > > ---------------------------------------------------------------- > > To subscribe or unsubscribe from this elist use the subscription > > manager: < http://lists.oasis-open.org/ob/adm.pl > > > > > -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692