[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Reg. <ResourceContent>
parkash, your given example makes sence, since in a distributed workflows, the subject (caller) is not already known n it is not always possible to extract the callers data from the database, so it will be really handy if caller(subject) attributes can be enclosed in the <subjectContent> element instead of their specification through some other means. agreed ?? Muhammad. ----- Original Message ----- From: "Prakash Yamuna" <techpy@gmail.com> To: "Seth Proctor" <Seth.Proctor@sun.com> Cc: "Daniel Engovatov" <dengovatov@bea.com>; <xacml-users@lists.oasis-open.org> Sent: Thursday, March 31, 2005 5:26 AM Subject: Re: [xacml-users] Reg. <ResourceContent> > Thanks for the response Seth - defining custom datatypes is what I > have gone ahead with... > > But I was hoping somebody could throw some light as to why the XACML > committe felt a need for <ResourceContent> but not > <SubjectContent>...and hence my email. > > I am not sure I totally understand the distinction b/w using > <ResourceContent> as a place to store XML data versus actual content > of the resource. > > To me for example: a Subjec X - xml representation maybe: > <MySubject uid="X" firstName="prakash" org="somegodforsakenorg" > supervisor="Y"/> > > So if Subject Y is deleting Subject X then: > > I could have said: > <Request...> > <SubjectContent> > <MySubject uid="Y" firstName="mymanagerwhowillbeanonymous" > org="somegodforsakenorg" supervisor="A"/> > </SubjectContent> > <ResourceContent> > <MySubject uid="someuniqueid" firstName="prakash" > org="somegodforsakenorg" supervisor="Y"/> > </ResourceContent> > <Action> > ... > </Request> > Then in my policy all I had to say was if my supervisor of X is the > subject trying to delete then go ahead and delete. > > I can do all this through custom datatypes and attributes - I > understand - as I said I was more curious to understand the rationale > than anything else... > > Thanks, > prakash > > On Wed, 30 Mar 2005 22:08:45 -0500, Seth Proctor <Seth.Proctor@sun.com> > wrote: > >> Yeah, I understand where you're going. Basically, don't think of >> ResourceContent as a place to store XML data. Think of it as the place >> where you include the actual content of the resource you're trying to >> access. The fact that the connonical representation is XML, and that >> you can query it using XPath, is just a concidence :) >> >> >> seth >> >> >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]