[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Action items on change request
[0026] Add XPath functions as non-mandatory I want to postpone this change request update until we reach an agreement on a function model. [0031] Type of XPathVersion element from string=>anyURI I would like to change my original change request and propose a change request [0039]. If [0039] is accepted, [0031] disappears. Then Simon's concern is solved. [0032] Schema change of AttributeSelector I revise my change request. With the change request 0031, a schema change request becomes: ======== start of [0032] ======== I propose to change the AttributeSelector element. The reason of this change is described in a separate mail titled "[xacml] AttributeSelector example". <xs:complexType name="AttributeSelectorType"> <xs:attribute name="RequestContextPath" type="xs:anyURI" use="required"/> <xs:attribute name="DataType" type="xs:anyURI" use="required"/> <xs:attribute name="XPathVersion" type="xs:anyURI" use="optional" default ="http://www.w3.org/TR/1999/Rec-xpath-19991116"/> </xs:complexType> ==> <xs:complexType name="AttributeSelectorType"> <xs:element ref="xacml:XPathNamespace" minOccurs="0" maxOccurs ="unbounded"/> <xs:attribute name="RequestContextPath" type="xs:anyURI" use ="optional"/> <xs:attribute name="DataType" type="xs:anyURI" use="optional"/> </xs:complexType> <xs:element name="XPathNamespace" type="xacml:XPathNamespaceType" substitutionGroup="xacml:AbstractDefaults"/> <xs:complexType name="XPathNamespaceType"> <xs:attribute name="NamespaceURI" type="xs:anyURI"/> <xs:attribute name="Prefix" type="xs:string" use="optional"/> </xs:complexType> Scope of the XPathNamespace for AttributeSelector element: 1. AttributeSelector element that includes XPathNamespace element, XPathNamespace elements in PolicyDefaults or PolicySetDefaults elements that include the AttributeSelector element. For the precedence, 1. XPathNamespace elements in AttributeSelector take precedence over XPathNamespace elements in PolicyDefaults in Policy element.. 2. XPathNamespace elements in PolicyDefaults in Policy take precedence over XPathNamespace elements in PolicySetDefaults in PolicySet element.. 3. If there are two or more identical prefixes are specified under an AttributeSelector, a PolicyDefaults or a PolicySetDefaults elements, the last prefix takes precedence over the previous prefixes. Others: 1. Global xmlns attribute is not used for resolving namespace-prefix pair specified in XPath expression. 2. If no XPathNamespace element is found in valid scope, it means no namespace-prefix pair is defined. 3. If Prefix attribute is missing, it means that default namespace is defined. Text change request In Section 5.3, Element <PolicySetDefaults>, line 1487-1489, <AbstractDefaults>[Any Number] This is the head of substitution group to specify default parameters. The elements in this substitution group defined at this time is <XPathNamespace> element. ======= end of [0032] ======== [0035] AttributeSelectorIndirect I want to postpone this change request update until we reach an agreement on a function model. [0039] Proposal: I request to remove "XPathVersion" attribute from AttributeSelector element. This change removes theThe reason is that we already allow a default value of XPathVersion in Policy and PolicySet elements. Since the minimum unit of the policy rules are Policy element, I think it is sufficient to specify XPath version information at a policy level, not at each AttributeSelector level. Policy writer who uses AttributeSelector must specify the xpath version in PolicyDefaults or PolicySetDefaults element. The value of XPath 1.0 version is " http://www.w3.org/TR/1999/Rec-xpath-19991116";. Michiharu Kudo IBM Tokyo Research Laboratory, Internet Technology Tel. +81 (46) 215-4642 Fax +81 (46) 273-7428
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC