[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Re: Observation on J2SE context proposal
OK. I agree to that <NameIdentifier> should be a special element for
<Principal>.
So it would be nice that XACML Context reflects that notion.
Michiharu
IBM Tokyo Research Laboratory, Internet Technology
Tel. +81 (46) 215-4642 Fax +81 (46) 273-7428
Anne Anderson
<Anne.Anderson To: Michiharu Kudoh/Japan/IBM@IBMJP
@Sun.com> cc: XACML TC <xacml@lists.oasis-open.org>
Subject: Re: Observation on J2SE context proposal
2002/06/06
05:35
Please respond
to
Anne.Anderson
On 3 June, Michiharu Kudoh writes: Observation on J2SE context proposal
> I would suggest more aggressive
> generalization like we don't even distinguish the name identifier from
> other attributes. For example, a current context fragment of
> j2se:RequestingUser is:
>
> <xacml:SimplePrincipal PrincipalType="j2se:RequestingUser">
> <xacml:NameIdentifier Format="itu:X500DistinguishedName">
> "cn=Anne,ou=SunLabs,o=Sun,c=US"
> </xacml:NameIdentifier>
> </xacml:simplePrincipal>
>
> It is transformed to:
>
> <xacml:SimplePrincipal PrincipalType="j2se:RequestingUser">
> <xacml:Attribute AttributeName="NameIdentifier" Format
> ="itu:X500DistinguishedName">
> "Zoe@Sun.COM"
> </xacml:Attribute>
> </xacml:simplePrincipal>
>
> Now, the name identifier becomes a usual attribute.
I think the NameIdentifier needs to be a special attribute
because each Principal must have exactly one. Other attributes
are all optional, and multiple instances do not cause problems.
The NameIdentifier could become an xml attribute of the Principal
element, but we would then have to deal with Format, ds:KeyInfo,
etc.
Anne
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC