Re: [xacml-users] Reg. <ResourceContent>

[Prakash Yamuna <techpy@gmail.com>]

Yep:-))

prakash
On Apr 1, 2005 1:05 AM, Muhammad Masoom Alam <Muhammad.alam@uibk.ac.at> wrote:
> parkash,
> 
> your given example makes sence, since in a distributed workflows, the
> subject (caller) is not already known  n it is not always possible to
> extract the callers data from the database, so it will be really handy if
> caller(subject) attributes can be enclosed in the <subjectContent> element
> instead of their specification through some other means.
> 
> agreed ??
> Muhammad.
> ----- Original Message -----
> From: "Prakash Yamuna" <techpy@gmail.com>
> To: "Seth Proctor" <Seth.Proctor@sun.com>
> Cc: "Daniel Engovatov" <dengovatov@bea.com>;
> <xacml-users@lists.oasis-open.org>
> Sent: Thursday, March 31, 2005 5:26 AM
> Subject: Re: [xacml-users] Reg. <ResourceContent>
> 
> > Thanks for the response Seth - defining custom datatypes is what I
> > have gone ahead with...
> >
> > But I was hoping somebody could throw some light as to why the XACML
> > committe felt a need for <ResourceContent> but not
> > <SubjectContent>...and hence my email.
> >
> > I am not sure I totally understand the distinction b/w using
> > <ResourceContent> as a place to store XML data versus actual content
> > of the resource.
> >
> > To me for example: a Subjec X - xml representation maybe:
> > <MySubject uid="X" firstName="prakash" org="somegodforsakenorg"
> > supervisor="Y"/>
> >
> > So if Subject Y is deleting Subject X then:
> >
> > I could have said:
> > <Request...>
> > <SubjectContent>
> > <MySubject uid="Y" firstName="mymanagerwhowillbeanonymous"
> > org="somegodforsakenorg" supervisor="A"/>
> > </SubjectContent>
> > <ResourceContent>
> > <MySubject uid="someuniqueid" firstName="prakash"
> > org="somegodforsakenorg" supervisor="Y"/>
> > </ResourceContent>
> > <Action>
> > ...
> > </Request>
> > Then in my policy all I had to say was if my supervisor of X is the
> > subject trying to delete then go ahead and delete.
> >
> > I can do all this through custom datatypes and attributes - I
> > understand - as I said I was more curious to understand the rationale
> > than anything else...
> >
> > Thanks,
> > prakash
> >
> > On Wed, 30 Mar 2005 22:08:45 -0500, Seth Proctor <Seth.Proctor@sun.com>
> > wrote:
> >
> >> Yeah, I understand where you're going. Basically, don't think of
> >> ResourceContent as a place to store XML data. Think of it as the place
> >> where you include the actual content of the resource you're trying to
> >> access. The fact that the connonical representation is XML, and that
> >> you can query it using XPath, is just a concidence :)
> >>
> >>
> >> seth
> >>
> >>
> >
> 
>