[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] change request: resource content
<xacml-context:Resource> element has
<xacml-context:ResourceContent> child.
If resource content is relevant in access decision
it is placed as a child of <ResourceContent> element.
Currently, the only way to access
<ResourceContent> and it's children elements is with
<xacml:AttributeSelector>, support for which
is optional.
There is no way to access this data with
<xacml:ResourceAttributeDesignator>.
Proposal 1: Introduce resource attribute
identifier:
"urn:oasis:names:tc:xacml:1.0:resource:resource-content" that will
address <ResourceContent> element.
In this case, both <ResourceContent> and
identifier refer to the same entity. No schema change required.
Proposal 2: Drop <ResourceContent> element
and introduce resource identifier as above.
The xpath expressions in the
<xacml:AttributeSelector> will be taken over this resource
attribute:
<AttributeSelector RequestContextPath=
"//ctx:Request/ctx:Resource/
ctx:Attribute[@AttributeId='urn:oasis:names:tc:xacml:1.0:resource:resource-content']/*"/>
In both cases (1) and (2) we can access content
with resource-attribute-designator:
<ResourceAttributeDesignator AttributeId="urn:oasis:names:xacml:1.0:resource:resource-content"/> Simon
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC