Subject: RE: [xacml-users] Reg. <ResourceContent>
In many systems I have dealt with, subject attributes are accessible from a directory protocol (as LDAP). It would seem that they would be much more suited to mapping to the name-value model of the notional context, rather than presented as an XML document.

But renaming the ResourceContent to Content does seem appealing for clarification of its purpose. But as the request is a single document, it does NOT seem appealing to have more than one root for path expression.

We will need to revisit our mapping to the XPath/XQuery data model anyway once those standards reach recommendation stage (we are currently starting the (second) last call comments phase on them).

Daniel;

-----Original Message-----
From: Muhammad Masoom Alam [mailto:Muhammad.alam@uibk.ac.at]
Sent: Friday, April 01, 2005 1:05 AM
To: Prakash Yamuna; Seth Proctor
Cc: Daniel Engovatov; xacml-users@lists.oasis-open.org
Subject: Re: [xacml-users] Reg. <ResourceContent>

Prakash,

your given example makes sense, since in distributed workflows the subject (caller) is not already known and it is not always possible to extract the caller's data from the database, so it will be really handy if caller (subject) attributes can be enclosed in the <subjectContent> element instead of their specification through some other means.

Agreed?

Muhammad.

----- Original Message -----
From: "Prakash Yamuna" <techpy@gmail.com>
To: "Seth Proctor" <Seth.Proctor@sun.com>
Cc: "Daniel Engovatov" <dengovatov@bea.com>; <xacml-users@lists.oasis-open.org>
Sent: Thursday, March 31, 2005 5:26 AM
Subject: Re: [xacml-users] Reg. <ResourceContent>

> Thanks for the response Seth - defining custom datatypes is what I
> have gone ahead with...
>
> But I was hoping somebody could throw some light as to why the XACML
> committee felt a need for <ResourceContent> but not
> <SubjectContent>...and hence my email.
>
> I am not sure I totally understand the distinction b/w using
> <ResourceContent> as a place to store XML data versus actual content
> of the resource.
>
> To me, for example, a Subject X - XML representation may be:
> <MySubject uid="X" firstName="prakash" org="somegodforsakenorg"
>     supervisor="Y"/>
>
> So if Subject Y is deleting Subject X then:
>
> I could have said:
> <Request...>
>   <SubjectContent>
>     <MySubject uid="Y" firstName="mymanagerwhowillbeanonymous"
>         org="somegodforsakenorg" supervisor="A"/>
>   </SubjectContent>
>   <ResourceContent>
>     <MySubject uid="someuniqueid" firstName="prakash"
>         org="somegodforsakenorg" supervisor="Y"/>
>   </ResourceContent>
>   <Action>
>   ...
> </Request>
>
> Then in my policy all I had to say was if my supervisor of X is the
> subject trying to delete then go ahead and delete.
>
> I can do all this through custom datatypes and attributes - I
> understand - as I said I was more curious to understand the rationale
> than anything else...
>
> Thanks,
> prakash
>
> On Wed, 30 Mar 2005 22:08:45 -0500, Seth Proctor <Seth.Proctor@sun.com>
> wrote:
>
>> Yeah, I understand where you're going. Basically, don't think of
>> ResourceContent as a place to store XML data. Think of it as the place
>> where you include the actual content of the resource you're trying to
>> access. The fact that the canonical representation is XML, and that
>> you can query it using XPath, is just a coincidence :)
>>
>>
>> seth
>>
>>
>
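
The "supervisor may delete" check discussed in this thread, with the subject carried as a name-value attribute and the resource as XML under <ResourceContent>, as an added example that is not part of the original messages and is not a real PDP. Assumptions: the XACML 2.0 request context namespace and the standard subject-id and action-id identifiers; the request document is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
NS = {"c": CTX}
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
STRING = "http://www.w3.org/2001/XMLSchema#string"

# Constructed request: subject Y (a name-value attribute) asks to delete
# resource X, whose XML representation travels in <ResourceContent>.
REQUEST = f"""<Request xmlns="{CTX}">
  <Subject>
    <Attribute AttributeId="{SUBJECT_ID}" DataType="{STRING}">
      <AttributeValue>Y</AttributeValue>
    </Attribute>
  </Subject>
  <Resource>
    <ResourceContent>
      <MySubject xmlns="" uid="X" firstName="prakash"
                 org="somegodforsakenorg" supervisor="Y"/>
    </ResourceContent>
  </Resource>
  <Action>
    <Attribute AttributeId="{ACTION_ID}" DataType="{STRING}">
      <AttributeValue>delete</AttributeValue>
    </Attribute>
  </Action>
  <Environment/>
</Request>"""

def attribute_values(request, category, attribute_id):
    """Name-value lookup: every value of one attribute in a request category."""
    path = f"c:{category}/c:Attribute[@AttributeId='{attribute_id}']/c:AttributeValue"
    return [v.text.strip() for v in request.findall(path, NS) if v.text]

def supervisor_may_delete(request_xml):
    """Permit only when the resource's supervisor is the requesting subject."""
    request = ET.fromstring(request_xml)
    subjects = attribute_values(request, "Subject", SUBJECT_ID)
    actions = attribute_values(request, "Action", ACTION_ID)
    # Path expression evaluated from the single root of the request document.
    content = request.findall("c:Resource/c:ResourceContent/MySubject", NS)
    supervisors = [e.get("supervisor") for e in content if e.get("supervisor")]
    # Fail closed: a missing or ambiguous value must never produce Permit.
    if len(subjects) != 1 or len(supervisors) != 1 or actions != ["delete"]:
        return "Deny"
    return "Permit" if supervisors[0] == subjects[0] else "Deny"
```
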