[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Re: Observation on J2SE context proposal
OK. I agree to that <NameIdentifier> should be a special element for <Principal>. So it would be nice that XACML Context reflects that notion. Michiharu IBM Tokyo Research Laboratory, Internet Technology Tel. +81 (46) 215-4642 Fax +81 (46) 273-7428 Anne Anderson <Anne.Anderson To: Michiharu Kudoh/Japan/IBM@IBMJP @Sun.com> cc: XACML TC <xacml@lists.oasis-open.org> Subject: Re: Observation on J2SE context proposal 2002/06/06 05:35 Please respond to Anne.Anderson On 3 June, Michiharu Kudoh writes: Observation on J2SE context proposal > I would suggest more aggressive > generalization like we don't even distinguish the name identifier from > other attributes. For example, a current context fragment of > j2se:RequestingUser is: > > <xacml:SimplePrincipal PrincipalType="j2se:RequestingUser"> > <xacml:NameIdentifier Format="itu:X500DistinguishedName"> > "cn=Anne,ou=SunLabs,o=Sun,c=US" > </xacml:NameIdentifier> > </xacml:simplePrincipal> > > It is transformed to: > > <xacml:SimplePrincipal PrincipalType="j2se:RequestingUser"> > <xacml:Attribute AttributeName="NameIdentifier" Format > ="itu:X500DistinguishedName"> > "Zoe@Sun.COM" > </xacml:Attribute> > </xacml:simplePrincipal> > > Now, the name identifier becomes a usual attribute. I think the NameIdentifier needs to be a special attribute because each Principal must have exactly one. Other attributes are all optional, and multiple instances do not cause problems. The NameIdentifier could become an xml attribute of the Principal element, but we would then have to deal with Format, ds:KeyInfo, etc. Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC