[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Condition language
I have a little different idea on the XACML condition language. The current specification aims at defining XACML local syntax and the semantics. I think it is one way to proceed. The other way would be to borrow the syntax and the semantics from other promising standards as much as possible. For example, the semantics of the string comparison is also defined in XPath 1.0 document. "/ContextPrincipals/ContextPrincipal/SimplePrincipal = 'Alice' '' compares the text node of the SimplePrincipal element in the XACML context and "Alice". It also supports AND, OR, NOT, element reference, arithmetic computation, and the type conversion. If we specify this "string expression" in the condition element as described below, the semantics of this expression is explicitly defined in XPath standard. The merit is that we don't have to worry about the syntax and the semantics of the expression evaluation in XACML. The downside would be when XPath 2.0 becomes recommendation, we may have to update some part of our document. But I still think this is another practical way to specify the condition expression. <Conditions> <Condition expression ="/ContextPrincipals/ContextPrincipal/SimplePrincipal = 'Alice'">/ </Conditions> Best regards, Michiharu Kudo IBM Tokyo Research Laboratory, Internet Technology Tel. +81 (46) 215-4642 Fax +81 (46) 273-7428
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC