OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [xacml] functions specifications: string-equal and whitespace



- Handling whitespace

XPath 1.0 (and 2.0) has a function called normalize-space() that strips
leading and trailing whitespace and replacing sequences of whitespace
characters by a single space. Some people suggests to use this function
whenever string equality is checked on a XML document. That hides subtle
issues like how to handle whitespace in XML. However, some applications may
need non-normlized string comparison.

So my suggestion is to support two kinds of string-equal functions:
string-equal and normalized-string-equal. The string-equal does not
normalize the string and the normalized-string-equal works as if it invokes
normalize-space() function internally before comparison is made. The
normalized-string-equal function is necessary if a user need to specify
this function in MatchId attribute. When string-equal is used, any
whitespace handling specifier "xml:space" attribute on XACML Request
Context will be ignored except for the element inside the ResourceContent
element.

- Semantics of the string comparison

XPath 2.0 defines xf:compare function instead of defining xf:string-equal
function. The xf:compare has an optional argument called "collation" that
specifies Unicode collation algorithm. The draft says, if it is omitted,
the default collation is used (but its rule is TBD). Then, if we assume
that there is a default collation for XACML, the function:string-equal is
defined as "it returns true depending on the value of the first string is
equal to the value of the second string according to the rules of the
collation that is used. Otherwise, false is returned". We may add "if
either argument is the empty sequence, it returns false". Default collation
in XACML would be "comparison on each character of the string using
integer-equal".

Michiharu Kudo

IBM Tokyo Research Laboratory, Internet Technology
Tel. +81 (46) 215-4642   Fax +81 (46) 273-7428




                                                                                                                                       
                      Polar Humenn                                                                                                     
                      <polar@syr.edu>          To:       XACML <xacml@lists.oasis-open.org>                                            
                                               cc:                                                                                     
                      2002/09/07 00:45         Subject:  [xacml] functions specifications                                              
                                                                                                                                       
                                                                                                                                       
                                                                                                                                       




We need explicit specifications or pointers to specifications for the
certain functions. A specification should include the exact type (i.e.
xs:string, xs:dateTime, etc) of its arguments and the exact type of its
return value. Also, we need explicit, if not formal semantics for the
function's behavior.

Note, their type signature is not sufficient. If we cannot find
specifications for the following, I'd just assume we leave them out.
However, that might not be good for some of the functions that we think
are necessary.

I'm reluctant to issue defintions for these things, because, I'm not up on
internationalization of strings, and I'm definiately not familiar with the
nuances of XML processing. For instance, "string-equal" works two
arguments of xs:string. In XML, what do you do with leading and trailing
whitespace or mulitiple lines? Does leading and trailing white space get
ignored, or reduced, etc.? I'll bet *everybody* had a different approach.

The following functions need specification: (They are also listed in the
Functions Document I put on the list with [NEED SPECIFICATION]. Here's a
compiled list.

                   return    1st Arg   2nd Arg
                   type
string-equal      xs:boolean xs:string     xs:string
   Q: leading and trailing spaces, multiple lines, etc.

date-equal        xs:boolean xs:date       xs:date
time-equal        xs:boolean xs:time       xs:time
dateTime-equal    xs:boolean xs:dateTime   xs:dateTime
anyURI-equal      xs:boolean xs:anyURI     xs:anyURI

x500Name-equal    xs:boolean xs:x500Name   xs:x500Name
  Q:   Do we have an adequate specification on this from pkix?

rfc822Name-equal  xs:boolean xs:rfc822Name xs:rfc822Name
hex-equal         xs:boolean xs:hex        xs:hex
   Q: Is the type xs:hex or xs:hexBinary?
   Q: leading and trailing spaces, multiple lines, etc.

base64-equal      xs:boolean xs:base64     xs:base64
   Q: Is the type xs:base64 or xs:base64Binary?
   Q: leading and trailing spaces, multiple lines, etc.

string-greater-than              xs:boolean xs:string  xs:string
string-greater-than-or-equal     xs:boolean xs:string  xs:string
   Q: leading and trailing spaces, multiple lines, etc.
   Q: What if two different international strings?


time-greater-than                xs:boolean xs:time    xs:time
time-greater-than-or-equal       xs:boolean xs:time    xs:time
   Q: Are these relative to only one day? with Timezones?

date-greater-than                xs:boolean xs:date    xs:date
date-greater-than-or-equal       xs:boolean xs:date    xs:date
datetime-greater-than            xs:boolean xs:date    xs:date
datetime-greater-than-or-equal   xs:boolean xs:date    xs:date

string-match      xs:boolean  xs:string      xs:string
rfc822Name-match  xs:boolean  xs:rfc822Name  xs:rfc822Name
x500Name-match    xs:boolean  xs:x500Name    xs:x500Name

Ann has a whole lot of other functions in the compliance tests such
as:

add-dayTimeDurations
subtract-dayTimeDuration-from-time

of which I still do not know how they are to proceed. I don't even know if
we have a type for a datTimeDuration or what it looks like. Does anybody?

I suggest that we leave all of these out, especially if we cannot come up
with specifications for them. We can add them later when people do figure
out how they want them to operate.

Cheers,
-Polar



----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>







[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC