OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml-users] Reg. <ResourceContent>


parkash,

your given example makes sence, since in a distributed workflows, the 
subject (caller) is not already known  n it is not always possible to 
extract the callers data from the database, so it will be really handy if 
caller(subject) attributes can be enclosed in the <subjectContent> element 
instead of their specification through some other means.

agreed ??
Muhammad.
----- Original Message ----- 
From: "Prakash Yamuna" <techpy@gmail.com>
To: "Seth Proctor" <Seth.Proctor@sun.com>
Cc: "Daniel Engovatov" <dengovatov@bea.com>; 
<xacml-users@lists.oasis-open.org>
Sent: Thursday, March 31, 2005 5:26 AM
Subject: Re: [xacml-users] Reg. <ResourceContent>


> Thanks for the response Seth - defining custom datatypes is what I
> have gone ahead with...
>
> But I was hoping somebody could throw some light as to why the XACML
> committe felt a need for <ResourceContent> but not
> <SubjectContent>...and hence my email.
>
> I am not sure I totally understand the distinction b/w using
> <ResourceContent> as a place to store XML data versus actual content
> of the resource.
>
> To me for example: a Subjec X - xml representation maybe:
> <MySubject uid="X" firstName="prakash" org="somegodforsakenorg" 
> supervisor="Y"/>
>
> So if Subject Y is deleting Subject X then:
>
> I could have said:
> <Request...>
> <SubjectContent>
> <MySubject uid="Y" firstName="mymanagerwhowillbeanonymous"
> org="somegodforsakenorg" supervisor="A"/>
> </SubjectContent>
> <ResourceContent>
> <MySubject uid="someuniqueid" firstName="prakash"
> org="somegodforsakenorg" supervisor="Y"/>
> </ResourceContent>
> <Action>
> ...
> </Request>
> Then in my policy all I had to say was if my supervisor of X is the
> subject trying to delete then go ahead and delete.
>
> I can do all this through custom datatypes and attributes - I
> understand - as I said I was more curious to understand the rationale
> than anything else...
>
> Thanks,
> prakash
>
> On Wed, 30 Mar 2005 22:08:45 -0500, Seth Proctor <Seth.Proctor@sun.com> 
> wrote:
>
>> Yeah, I understand where you're going. Basically, don't think of
>> ResourceContent as a place to store XML data. Think of it as the place
>> where you include the actual content of the resource you're trying to
>> access. The fact that the connonical representation is XML, and that
>> you can query it using XPath, is just a concidence :)
>>
>>
>> seth
>>
>>
> 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]