[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Re: [xacml-comment] Identifying attribute issuers
On 14 June, John Howard writes: [xacml-comment] Identifying attribute issuers
> Are there any plans to extend the XACML to support defining
> the attribute issuer id. In the current specification it is
> assumed that this is outside the scope of XACML and is handled
> by the PIP.
XACML already supports defining the attribute issuer id.
The way you refer to an attribute is via an
<xacml:AttributeDesignator>. This is defined as follows:
<xs:element name="AttributeDesignator" type="xacml:AttributeDesignatorType"/>
<xs:complexType name="AttributeDesignatorType">
<xs:sequence>
<!-- Holder is usually the PrincipalID element value when
Attribute is used in a Principal, so Holder is
optional in that context. -->
<xs:element ref="xacml:Holder" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="AttributeName" type="xs:string" use="required"/>
<!-- xacml:AttributeNamespace is the namespace authority
for the xacml:AttributeName -->
<xs:attribute name="AttributeNamespace" type="xs:anyURI" use="required"/>
<xs:attribute name="Issuer" type="xs:anyURI" use="optional"/>
<xs:attribute name="IssueInstant" type="xs:dateTime" use="optional"/>
<xs:attribute name="AttributeLocator" type="xs:string" use="optional"/>
</xs:complexType>
Notice the attribute "Issuer" with type "anyURI". Use is
optional, but the facility is certainly there if you want it.
Anne
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC