[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] change request: resource content
Michiharu, Ok, than we can declare an attribute identifier that will point to the content (alt 1) Simon ----- Original Message ----- From: "Michiharu Kudoh" <KUDO@jp.ibm.com> To: "Simon Godik" <simon@godik.com> Cc: <xacml@lists.oasis-open.org> Sent: Friday, September 27, 2002 3:09 AM Subject: Re: [xacml] change request: resource content > > Simon, > > I am ok with your first proposal but I am not clear on the second one. The > intention of having a ResourceContent element in XACML Request Context is > that it must allow any arbitrary XML fragment below ResourceContent > element. That's why the schema allows any structure. If you remove the > ResourceContent and place the arbitrary XML fragment below Attribute > element instead, you will need another changes on schema, for example to > allow any elements below Attribute element or to introduce a new elements > like ResourceContent. > > Michiharu Kudo > > IBM Tokyo Research Laboratory, Internet Technology > Tel. +81 (46) 215-4642 Fax +81 (46) 273-7428 > > > > > > Simon Godik > <simon@godik.com> To: xacml@lists.oasis-open.org > cc: > 2002/09/27 15:09 Subject: [xacml] change request: resource content > > > > > > > <xacml-context:Resource> element has <xacml-context:ResourceContent> child. > If resource content is relevant in access decision it is placed as a child > of <ResourceContent> element. > > Currently, the only way to access <ResourceContent> and it's children > elements is with > <xacml:AttributeSelector>, support for which is optional. > > There is no way to access this data with > <xacml:ResourceAttributeDesignator>. > > Proposal 1: Introduce resource attribute identifier: > "urn:oasis:names:tc:xacml:1.0:resource:resource-content" that will address > <ResourceContent> element. > In this case, both <ResourceContent> and identifier refer to the same > entity. No schema change required. > > Proposal 2: Drop <ResourceContent> element and introduce resource > identifier as above. > The xpath expressions in the <xacml:AttributeSelector> will be taken over > this resource attribute: > <AttributeSelector RequestContextPath= > "//ctx:Request/ctx:Resource/ > ctx:Attribute[@AttributeId=' > urn:oasis:names:tc:xacml:1.0:resource:resource-content']/*"/> > > In both cases (1) and (2) we can access content with > resource-attribute-designator: > <ResourceAttributeDesignator AttributeId=" > urn:oasis:names:xacml:1.0:resource:resource-content"/> > > Simon > > > > > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC