[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [xacml] How do I require subject not to be a member of a give ngroup?
>Question: Do we really want to make the "xacml:*-sequence" data types >equivalent with the sequences returned from XPATH or >AttributeDesignators? >-Polar My guess would be it will be absolutely redundant. We do not have anything but a sequence anyway - that what a query for an attribute will always return. All we need to cover this use case is the ability to define a sequence of primitive values as a literal function parameter. So you can write this example in the way (ommitting <Apply>) if (integer-equal 0 (string-length (string-intersection name ["Bob", "Steve"]))) That would say - any "name" attribute must not be "Bob" or "Steve" No need to make ["Bob", "Steve"] a new data type - this is the same type that <Designator> for "name" will return: ["Daniel"] for only once instance in the context.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC