[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] change request: subject-attribute-designator and subjectcategory
|
xacml request context supports multiple
<xacml-context:Subject> elements.
Each <xacml-context:Subject> element is
tagged with the subject-category, such as:
access-subject, codesource, etc. Subject category
name is unique, ie there is no
two <xacml-context:Subject> elements in the
request context with the same value of subject-category
attribute.
<xacml:Subject> element in the policy allows
us to specify multiple subject matches at the same time:
sm1 'and' sm2 'and' sm3 etc. Syntactically, context
subject attribute is selected with
<xacml:SubjectAttributeDesignator> element
that names attribute-id and issuer.
Very often all subject attributes must be selected
from the same subject block.
Proposal: Extend
<xacml:SubjectAttributeDesignator> with optional SubjectCategory
attribute:
<xs:complexType
name="SubjectAttributeDesignatorType">
<xs:attribute
name="AttributeId" type="xs:anyURI" use="required"/>
<xs:attribute name="Issuer"
type="xs:anyURI" use="optional"/>
<xs:attribute
name="SubjectCategory" type="xs:string" use="optional"/> <-- new
attribute
</xs:complexType> Simon
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC