

Subject: Re: [xacml] change request: xacml context attributes and data types


But, as discussed on yesterday's call, a <Subject> may have more
than one subject-id attribute.  For example, one may give the
rfc822Name under which the subject authenticated, and another may
give the x500Name.

The datatype is required to allow the AttributeDesignator to
select the instance of the attribute that has the correct
datatype for the function in which the designator occurs.

Anne

On 27 September, Simon Godik writes: [xacml] change request: xacml context attributes and data types
 > From: Simon Godik <simon@godik.com>
 > To: xacml@lists.oasis-open.org
 > Subject: [xacml] change request: xacml context attributes and data types
 > Date: Fri, 27 Sep 2002 00:30:29 -0700
 > 
 > Currently <xacml-context:Attribute> element allows DataType attribute.
 > 
 > Rationale for keeping DataType attribute in the <xacml-context:Attribute> element was that
 > it can sometimes be helpful, such as specifying subject-id format, like
 > subject-id="cn=simon", data-type="x500-name"
 > 
 > But this information is redundant, because subject-id attribute will be passed to the specific
 > function that expects arguments of certain type. For example, if subject-id is passed to
 > the x500Name-equal function it expects its arguments to be in x500 name format.
 > 
 > So data type does not add value here.
 > 
 > Another problem is that we cannot access DataType attribute with AttributeDesignator.
 > 
 > Proposal: remove DataType attribute from the <xacml-context:Attribute>.
 > 
 > Simon
 > 

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
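
Added example, not part of the original messages or of the XACML specification: a small Python sketch of the point argued in this thread, where a subject carries two subject-id attributes and a designator selects by AttributeId alone or by AttributeId plus DataType. The simplified XML, the identifier strings, the sample values and the `designate`, `parse_x500` and `evaluate` helpers are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed request context. Element and identifier names are simplified
# for illustration and are not the XACML schema's own URNs.
REQUEST = """
<Request><Subject>
  <Attribute AttributeId="subject-id" DataType="rfc822Name">
    <AttributeValue>simon@example.com</AttributeValue>
  </Attribute>
  <Attribute AttributeId="subject-id" DataType="x500Name">
    <AttributeValue>cn=simon</AttributeValue>
  </Attribute>
</Subject></Request>
"""
SUBJECT = ET.fromstring(REQUEST).find("Subject")


def designate(subject, attribute_id, data_type=None):
    """Bag of values selected by a designator; data_type=None ignores DataType."""
    return [a.findtext("AttributeValue")
            for a in subject.iter("Attribute")
            if a.get("AttributeId") == attribute_id
            and data_type in (None, a.get("DataType"))]


def parse_x500(name):
    """Toy X.500 name parser: comma-separated key=value RDNs, case-insensitive."""
    rdns = []
    for rdn in name.split(","):
        key, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"not an X.500 name: {name!r}")
        rdns.append((key.strip().lower(), value.strip().lower()))
    return rdns


def evaluate(subject, expected_dn, data_type):
    """Apply a stand-in for x500Name-equal to every value in the designated bag."""
    want = parse_x500(expected_dn)
    try:
        hit = any(parse_x500(v) == want
                  for v in designate(subject, "subject-id", data_type))
    except ValueError:
        return "Indeterminate"  # the function received a value of the wrong type
    return "Match" if hit else "NoMatch"


if __name__ == "__main__":
    print(evaluate(SUBJECT, "CN=Simon", None))        # both subject-id values reach the function
    print(evaluate(SUBJECT, "CN=Simon", "x500Name"))  # only the x500Name instance is selected
```

Selecting on AttributeId alone hands the rfc822Name value to the X.500 comparison, so the rule cannot be evaluated cleanly; selecting on AttributeId and DataType yields exactly the instance the function can interpret.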