OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [xacml-comment] Multiple decision result of type xpathExpression


> From: Steven Legg 
> Sent: Tuesday, August 27, 2013 9:36 PM
> 
> You can test whether a node is an Amount < 200 in a policy with an expression like the following:
> 
>      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
>        <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-less-than"/>
>        <AttributeSelector
>          Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
>          ContextSelectorId="urn:oasis:names:tc:xacml:3.0:content-selector"
>          Path="self::Amount/child::text()"
>          DataType="http://www.w3.org/2001/XMLSchema#integer";
>          MustBePresent="false"/>
>        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer";>200</AttributeValue>
>      </Apply>
> 
> The AttributeSelector applies the Path to the node identified by the "content-selector"
> attribute value resulting in a text() node that it turns into an XACML integer value.

This goes a long way towards my goal.
It works well when the element to test is a primitive type
and the value of interest is its text value.

I'm still confused what to do when the element to test is a complex type.
For example, how can I accept an element called public knowing
it is a complex type and has no significant text value?

Let's say I'm satisfied to write the condition in XPath,
how can the boolean returned by XPath be used by the Match element?
self::public does not work because the AttributeSelector will try
to compute the text value of the public node.

More generally, let's say I want to compute a value in XPath
and make that the String value of the AttributeSelector?

Maybe I'm going in the wrong direction, but my first intuition was to
compute the node name of the element selected by (//*)[I]
and test it in XACML, but I can't find how to do that.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]