OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: [xacml] functions specifications


These are my responses to Polar's list of "specification needed"
function items begins.  This is as far as I could get today, and
I have to travel for the next few days.

-Anne

All xs: datatypes are defined in XML Schema, Part 2
  [http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/]

Special derived types from XQuery 1.0 and XPath 2.0 Functions and Operators
  [http://www.w3.org/TR/xquery-operators/]
      xf:dayTimeDuration
      xf:yearMonthDuration

Source for XPATH function (xf:) and operator (op:) definitions is
  [http://www.w3.org/TR/xquery-operators/].  Unless otherwise
  referenced, section numbers are from this document.

                   return    1st Arg   2nd Arg
                   type
string-equal      xs:boolean xs:string     xs:string
- Suggestion: returns "true" iff the two arguments match byte by
  byte using integer-equal.  No normalization or collation is done.
- Note: there is no xf:equals.  Closest is xf:compare, but that
  depends on complicated collation algorithms and hierarchies of
  collations algorithms, so is more complex than we want.


   Q: leading and trailing spaces, multiple lines, etc.
Use Michiharu's suggested new function (possibly with my simpler
suggested semantics):

normalized-string-equal   xs:boolean  xs:string   xs:string
- Implemented as
  function:string-equal(xf:normalize-space(1st Arg),xf:normalize-space(2nd Arg)
- Alternative: support xf:normalize-space as a separate function
  that may be called inside any string function.

date-equal        xs:boolean xs:date       xs:date
- Use op:date-equal, Section 8.3.11

time-equal        xs:boolean xs:time       xs:time
- Use op:time-equal, Section 8.3.14

dateTime-equal    xs:boolean xs:dateTime   xs:dateTime
- Use op:dateTime-equal, Section 8.3.8

anyURI-equal      xs:boolean xs:anyURI     xs:anyURI
- Use op:anyURI-equal, Section 10.2.1

x500Name-equal    xs:boolean xs:x500Name   xs:x500Name
  Q:   Do we have an adequate specification on this from pkix?
- Turns out, no.  PKIX does not deal with string representations
  of X500 Distinguished Names.
- Use:
  "Returns true if and only if each Relative Distinguished Name
  in the two arguments matches.  Two Relative Distinguished Names
  match if and only if the OIDs match AND if the values, with
  leading and trailing spaces removed, match using integer-equal
  on a byte-by-byte basis.  OIDs may be expressed either using a
  sequence of decimal integers separated by ".", or by character
  strings.  If both OIDs are expressed in dotted-decimal format,
  then the OIDs are compared using string-equal.  If both OIDs
  are expressed using character strings, then the characters
  strings are normalized to lower case, then compared using
  string-equal.  If one OID is expressed using a character
  string, and the other OID is expressed using dotted-decimal
  format, then the character string must be from the following
  set (IETF RFC 2253: Lightweight Directory Access Protocol (v3):
  UTF-8 String Representation of Distinguished Names), and its
  corresponding dotted decimal representation must match the OID
  in the other RDN.

    String  X.500 AttributeType      Dotted decimal notation
    ------------------------------   -----------------------
    CN      commonName               2.5.4.3
    L       localityName             2.5.4.7
    ST      stateOrProvinceName      2.5.4.8
    O       organizationName         2.5.4.10
    OU      organizationalUnitName   2.5.4.11
    C       countryName              2.5.4.6
    STREET  streetAddress            2.5.4.9
    DC      domainComponent          0.9.2342.19200300.100.1.25
    UID     userid                   0.9.2342.19200300.100.1.1
- In the future, we may want to add an optional third argument
  specifying the collation to use for Unicode characters.  There
  is an effort underway in the IETF to define a standard for
  this.

rfc822Name-equal  xs:boolean xs:rfc822Name xs:rfc822Name
- Returns true iff, after conversion to lower-case, the two names
  match when compared byte-by-byte using integer-equal.

hex-equal         xs:boolean xs:hex        xs:hex
   Q: Is the type xs:hex or xs:hexBinary?
xs:hexBinary

   Q: leading and trailing spaces, multiple lines, etc.
Not allowed.

    From http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/#hexBinary

        3.2.15 hexBinary

        [Definition:] hexBinary represents arbitrary hex-encoded
        binary data. The ˇvalue spaceˇ of hexBinary is the set of
        finite-length sequences of binary octets.

        3.2.15.1 Lexical Representation

        hexBinary has a lexical representation where each binary
        octet is encoded as a character tuple, consisting of two
        hexadecimal digits ([0-9a-fA-F]) representing the octet
        code. For example, "0FB7" is a hex encoding for the
        16-bit integer 4023 (whose binary representation is
        111110110111).

        3.2.15.2 Canonical Rrepresentation

        The canonical representation for hexBinary is defined by
        prohibiting certain options from the Lexical
        Representation (§3.2.15.1). Specifically, the lower case
        hexadecimal digits ([a-f]) are not allowed.
  TBD

base64-equal      xs:boolean xs:base64     xs:base64
   Q: Is the type xs:base64 or xs:base64Binary?
xs:base64Binary

   Q: leading and trailing spaces, multiple lines, etc.
Not allowed.

        3.2.16 base64Binary

        [Definition:] base64Binary represents Base64-encoded
        arbitrary binary data. The ˇvalue spaceˇ of base64Binary
        is the set of finite-length sequences of binary
        octets. For base64Binary data the entire binary stream is
        encoded using the Base64 Content-Transfer-Encoding
        defined in Section 6.8 of [RFC 2045].
  TBD

string-greater-than              xs:boolean xs:string  xs:string
string-greater-than-or-equal     xs:boolean xs:string  xs:string

   Q: leading and trailing spaces, multiple lines, etc.
- Suggestion: support xf:normalize-space.

   Q: What if two different international strings?
- Suggestion: for now, compare byte-by-byte using
  integer-greater-than and integer-equal.  In the future, we
  probably want to add an optional third argument to support
  "collations" (xf:Section 6.2) to handle international strings.

time-greater-than                xs:boolean xs:time    xs:time
time-greater-than-or-equal       xs:boolean xs:time    xs:time
   Q: Are these relative to only one day? with Timezones?
  TBD

date-greater-than                xs:boolean xs:date    xs:date
date-greater-than-or-equal       xs:boolean xs:date    xs:date
datetime-greater-than            xs:boolean xs:date    xs:date
datetime-greater-than-or-equal   xs:boolean xs:date    xs:date
 TBD

string-match      xs:boolean  xs:string      xs:string
-equates to xf:match; second argument is a regular expression.  Regular
 expression syntax is defined in "6.3.15.1 Regular Expression Syntax"

rfc822Name-match  xs:boolean  xs:rfc822Name  xs:rfc822Name
- An rfc822 name consists of a <local-part> followed by "@"
  followed by <domain>.
- TBD

x500Name-match    xs:boolean  xs:x500Name    xs:x500Name
  TBD



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC