[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-comment] Public Comment
On Wed, 21 Oct 2004 comment-form@oasis-open.org wrote: > Comment from: diegog@lagash.com > > Hi, > > I found something strange during the implementation of the Variables. I've found there is a new element in the schema called Expression which is a common element for every "parameter" of the Apply. The idea is great because it makes the schema very simple. > It means the Apply's inner elements can be any of the elements that can be treated as Expresions, where the Function elemet is also included. > > On other hand, the VariableDefinition also define it's value as an Expression which also includes the Function element. So the following Xml is validated by the schema: > > <VariableDefinition VariableId="variable"> > <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal" /> > </VariableDefinition> > > The same happens with the Condition element, the following xml is also validated by the schema: > > <Condition> > <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal" /> > </Condition> > > The questions are: > - This is valid? > I've not found the explanation in the document if there is a variable > that can contain a function. The schema validity is only a syntax check. It doesn't say anything about the more stringent semantic restrictions placed on the content of the language, such as type checking. Obviously, you can write a schema valid expression that isn't type correct, and therefore would not be valid XACML. Such as applying "string-equal" to two integers. It is true that any Expression may be a Function, which is in turn passed to the application (Apply) of another function as an argument, such as with the higher-order functions. So, there should be no problem with a VariableDefinition being a Function. The Condition, however, forces its contained expression to reduce to a boolean value. A Function placed in a Condition as you have it, can only be this, if it is a zero-ary function (i.e. takes no arguments). A zero-ary function is otherwise known as a constant, and is better off being represented as a simple value, Nothing precludes that restriction however. We do not define any zero-ary Functions, but that doesn't have to stop your implemenation from doing so. :^) We just require that it not return different values for different evaluations. That is to say that a zero-ary function MAY NOT base it value on anything "outside" of the XACML request, like weather, a zenner-diode, random-number, etc. > - In the case of the Condition I think this is not valid, but I'll like > to hear your thoughts on this. Hope that helps. Cheers, -Polar > > Hope you have time to answer the questions, > > Thanks in advance, > Diego Gonzalez > Lagash Systems SA >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]