OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-comment] Public Comment

Rob,

I think the answer here is that more complex use cases are to be
handled using AttributeSelectors and XPath expressions to specify
specific elements in a hierachy.

Anne

On 19 December, comment-form@oasis-open.org writes: [xacml-comment] Public Comment
 > From: comment-form@oasis-open.org
 > To: xacml-comment@lists.oasis-open.org
 > Subject: [xacml-comment] Public Comment
 > Date: Fri, 19 Dec 2003 18:04:24 +0000
 > 
 > Comment from: rgrzywinski@yahoo.com
 > 
 > I'd like to add use cases to the XACML 2.0 work item #9 (Policies referring to hierarchical resources).
 > 
 > 
 > 
 > The current work item refers to three cases:
 > 
 > 
 > 
 > o  all descendents of a particular node in a hierarchy
 > 
 > o  all immediate children of a particular node in a hierarchy
 > 
 > o  a particular node in a hierarchy
 > 
 > 
 > 
 > These three cases only cover a small subset of the policy used in the current web access control products.  For example, refer to section 7.2 (Enhanced URI Wildcarding) of:
 > 
 > 
 > 
 >   http://www.rsasecurity.com/products/cleartrust/whitepapers/CTOVNF_WP_0903.pdf
 > 
 > 
 > 
 > for use cases.
 > 
 > 
 > 
 > I feel that a stronger and more flexible solution is needed for this problem.  Perhaps a limited set of regex functions following XPath 2.0 pattern matching:
 > 
 > 
 > 
 > http://www.w3.org/TR/xquery-operators/#string.match
 > 
 > 
 > 
 > which is already exposed as "regexp-string-match" but only for strings (and not as XPath expressions).  
 > 
 > 
 > 
 > I do recognize the dangers in adding dependencies to as-of-yet-finalized specifications.  As long as the use cases are recognized, they could be added as a post XACML 2.0 addition contingent on the finalization of XPath 2.0.
 > 
 > 
 > 
 > -- 
 > 
 > Rob Grzywinski
 > 
 > To unsubscribe from this list, send a post to xacml-comment-unsubscribe@lists.oasis-open.org, or visit http://www.oasis-open.org/mlmanage/.
 > 

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]