OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [xacml-users] Reg. <ResourceContent>


There is no such assumption.  The idea is that when resource is an XML
document, it can contain (maybe partially) the context.  Context is
notional. Even if it is a representation of a resource, it may include
any attributes.

Personally, I think AttribtueDesignators should not have a kind either,
as they have no other meaning other then to group attributes in the
context to some traditional categories.  Maybe I should suggest for 3.0
to reconsider that and make attribute kind an extensible identifier for
association with arbitrary data sources.

D;


-----Original Message-----
From: Prakash Yamuna [mailto:techpy@gmail.com] 
Sent: Wednesday, March 30, 2005 6:33 PM
To: Daniel Engovatov
Cc: xacml-users@lists.oasis-open.org
Subject: Re: [xacml-users] Reg. <ResourceContent>

Hmm - interesting...

Section 6.4 states:

"The <ResourceContent> element is a notional placeholder for the
content of the resource.  If an XACML policy references the contents
of the resource by means of an <AttributeSelector> element, then the
<ResourceContent> element MUST be included in the RequestContextPath
string."

The key phrase that struck me was - "notional placeholder for the
content of the resource" - hence my assumption that <ResourceContent>
can be used only for xml content representation of resources.

prakash

On Wed, 30 Mar 2005 18:16:22 -0800, Daniel Engovatov
<dengovatov@bea.com> wrote:
> It is explained partially in section 2.5, line 460 : you can have
> subject attribute as part of this context.
> One can include all that information within a single XML document if
so
> needed.  No need for separate contents.
> 
> Division of attributes into several kinds is purely for convenience.
> They do not have any fundamental differences.
> 
> There is really only one context, that contains all kind of
attributes.
> See section 3.2.
> 
> Daniel;
> 
> -----Original Message-----
> From: Prakash Yamuna [mailto:techpy@gmail.com]
> Sent: Wednesday, March 30, 2005 5:48 PM
> To: xacml-users@lists.oasis-open.org
> Subject: [xacml-users] Reg. <ResourceContent>
> 
> I was wondering if anyone could provide insight on why the XACML spec
> supports <ResourceContent> but not <SubjectContent>, <ActionContent>,
> etc...
> 
> thanks,
> prakash
> 
>



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]