[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [xacml] functions specifications
These are my responses to Polar's list of "specification needed" function items begins. This is as far as I could get today, and I have to travel for the next few days. -Anne All xs: datatypes are defined in XML Schema, Part 2 [http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/] Special derived types from XQuery 1.0 and XPath 2.0 Functions and Operators [http://www.w3.org/TR/xquery-operators/] xf:dayTimeDuration xf:yearMonthDuration Source for XPATH function (xf:) and operator (op:) definitions is [http://www.w3.org/TR/xquery-operators/]. Unless otherwise referenced, section numbers are from this document. return 1st Arg 2nd Arg type string-equal xs:boolean xs:string xs:string - Suggestion: returns "true" iff the two arguments match byte by byte using integer-equal. No normalization or collation is done. - Note: there is no xf:equals. Closest is xf:compare, but that depends on complicated collation algorithms and hierarchies of collations algorithms, so is more complex than we want. Q: leading and trailing spaces, multiple lines, etc. Use Michiharu's suggested new function (possibly with my simpler suggested semantics): normalized-string-equal xs:boolean xs:string xs:string - Implemented as function:string-equal(xf:normalize-space(1st Arg),xf:normalize-space(2nd Arg) - Alternative: support xf:normalize-space as a separate function that may be called inside any string function. date-equal xs:boolean xs:date xs:date - Use op:date-equal, Section 8.3.11 time-equal xs:boolean xs:time xs:time - Use op:time-equal, Section 8.3.14 dateTime-equal xs:boolean xs:dateTime xs:dateTime - Use op:dateTime-equal, Section 8.3.8 anyURI-equal xs:boolean xs:anyURI xs:anyURI - Use op:anyURI-equal, Section 10.2.1 x500Name-equal xs:boolean xs:x500Name xs:x500Name Q: Do we have an adequate specification on this from pkix? - Turns out, no. PKIX does not deal with string representations of X500 Distinguished Names. - Use: "Returns true if and only if each Relative Distinguished Name in the two arguments matches. Two Relative Distinguished Names match if and only if the OIDs match AND if the values, with leading and trailing spaces removed, match using integer-equal on a byte-by-byte basis. OIDs may be expressed either using a sequence of decimal integers separated by ".", or by character strings. If both OIDs are expressed in dotted-decimal format, then the OIDs are compared using string-equal. If both OIDs are expressed using character strings, then the characters strings are normalized to lower case, then compared using string-equal. If one OID is expressed using a character string, and the other OID is expressed using dotted-decimal format, then the character string must be from the following set (IETF RFC 2253: Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names), and its corresponding dotted decimal representation must match the OID in the other RDN. String X.500 AttributeType Dotted decimal notation ------------------------------ ----------------------- CN commonName 2.5.4.3 L localityName 2.5.4.7 ST stateOrProvinceName 2.5.4.8 O organizationName 2.5.4.10 OU organizationalUnitName 2.5.4.11 C countryName 2.5.4.6 STREET streetAddress 2.5.4.9 DC domainComponent 0.9.2342.19200300.100.1.25 UID userid 0.9.2342.19200300.100.1.1 - In the future, we may want to add an optional third argument specifying the collation to use for Unicode characters. There is an effort underway in the IETF to define a standard for this. rfc822Name-equal xs:boolean xs:rfc822Name xs:rfc822Name - Returns true iff, after conversion to lower-case, the two names match when compared byte-by-byte using integer-equal. hex-equal xs:boolean xs:hex xs:hex Q: Is the type xs:hex or xs:hexBinary? xs:hexBinary Q: leading and trailing spaces, multiple lines, etc. Not allowed. From http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/#hexBinary 3.2.15 hexBinary [Definition:] hexBinary represents arbitrary hex-encoded binary data. The ˇvalue spaceˇ of hexBinary is the set of finite-length sequences of binary octets. 3.2.15.1 Lexical Representation hexBinary has a lexical representation where each binary octet is encoded as a character tuple, consisting of two hexadecimal digits ([0-9a-fA-F]) representing the octet code. For example, "0FB7" is a hex encoding for the 16-bit integer 4023 (whose binary representation is 111110110111). 3.2.15.2 Canonical Rrepresentation The canonical representation for hexBinary is defined by prohibiting certain options from the Lexical Representation (§3.2.15.1). Specifically, the lower case hexadecimal digits ([a-f]) are not allowed. TBD base64-equal xs:boolean xs:base64 xs:base64 Q: Is the type xs:base64 or xs:base64Binary? xs:base64Binary Q: leading and trailing spaces, multiple lines, etc. Not allowed. 3.2.16 base64Binary [Definition:] base64Binary represents Base64-encoded arbitrary binary data. The ˇvalue spaceˇ of base64Binary is the set of finite-length sequences of binary octets. For base64Binary data the entire binary stream is encoded using the Base64 Content-Transfer-Encoding defined in Section 6.8 of [RFC 2045]. TBD string-greater-than xs:boolean xs:string xs:string string-greater-than-or-equal xs:boolean xs:string xs:string Q: leading and trailing spaces, multiple lines, etc. - Suggestion: support xf:normalize-space. Q: What if two different international strings? - Suggestion: for now, compare byte-by-byte using integer-greater-than and integer-equal. In the future, we probably want to add an optional third argument to support "collations" (xf:Section 6.2) to handle international strings. time-greater-than xs:boolean xs:time xs:time time-greater-than-or-equal xs:boolean xs:time xs:time Q: Are these relative to only one day? with Timezones? TBD date-greater-than xs:boolean xs:date xs:date date-greater-than-or-equal xs:boolean xs:date xs:date datetime-greater-than xs:boolean xs:date xs:date datetime-greater-than-or-equal xs:boolean xs:date xs:date TBD string-match xs:boolean xs:string xs:string -equates to xf:match; second argument is a regular expression. Regular expression syntax is defined in "6.3.15.1 Regular Expression Syntax" rfc822Name-match xs:boolean xs:rfc822Name xs:rfc822Name - An rfc822 name consists of a <local-part> followed by "@" followed by <domain>. - TBD x500Name-match xs:boolean xs:x500Name xs:x500Name TBD
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC