

Subject: Re: [xacml] change request: xacml context attributes and data types



I have limited internet access, and I'm really busy here downing the
Vodka with ZZTop, who was staying at the hotel last night after their
concert.

I haven't gotten to even open up V17 yet.

So we are back to putting the x500Name data type back in the attribute
designator? Geez, I thought the vodka was making my head spin!

-Polar

On Fri, 27 Sep 2002, Simon Godik wrote:

> Polar,
> I assume we have x500Name data type and rfc822Name data type.
> (At least those types are mentioned in the current draft).
> In other words, they are not merely strings.
> In this case, in your example there is a type conversion error
> and the result would be indeterminate.
> Simon
>
> ----- Original Message -----
> From: "Polar Humenn" <polar@syr.edu>
> To: "Simon Godik" <simon@godik.com>
> Cc: <xacml@lists.oasis-open.org>
> Sent: Friday, September 27, 2002 6:58 AM
> Subject: Re: [xacml] change request: xacml context attributes and data types
>
>
> >
> >
> > I agree with removing the dataType attribute from the
> > xacml-context:Attribute.
> >
> > However, the implications are this:
> >
> > If you have an Attribute of "subject-id" and its value is:
> >
> >   <AttributeValue>CN=Simon Godik, O=OverXeer, OU=Research</AttributeValue>
> >
> > What does the designator:
> >
> > <SubjectMatch MatchId="function:rfc822Name-equal">
> > <SubjectAttributeDesignator AttributeId="subject-id"/>
> > <AttributeValue>simon@godik.com</AttributeValue>
> > </SubjectMatch>
> >
> > evaluate to?
> >
> > Does it evaluate to "indeterminate" because the formal type of
> > rfc822Name-equal is
> >          xacml:rfc822Name -> xacml:rfc822Name -> Bool
> > and the attribute value is an invalid representation of an rfc822Name.
> >
> > Or does it evaluate to "false"?
> >
> > The question in the context of its application, the
> > <SubjectAttributeDesignator Attribute="subject-id">
> > shall return a bag of "rfc822Name", which means that every "subject-id"
> > attribute must have a parseable rfc822Name representation as a value.
> >
> > So, does the designator return "indeterminate" because not *all* values
> > under "subject-id"  are valid string representations of rfc822Name?
> >
> > Or does it return a bag of rfc822Names of *only* the values under
> > "subject-id" that do have valid string representations of rfc822Names? In
> > the example above for the latter case, this designator would return an
> > empty bag.
> >
> > I don't think I'll be able to comment much further, I have to leave real
> > soon.  It's food for thought.
> >
> > Cheers,
> > -Polar
> >
> >
> >
> > On Fri, 27 Sep 2002, Simon Godik wrote:
> >
> > > Currently <xacml-context:Attribute> element allows DataType attribute.
> > >
> > > Rationale for keeping DataType attribute in the <xacml-context:Attribute>
> > > element was that it can sometimes be helpful, such as specifying
> > > subject-id format, like
> > > subject-id="cn=simon", data-type="x500-name"
> > >
> > > But this information is redundant, because subject-id attribute will be
> > > passed to the specific function that expects arguments of certain type.
> > > For example, if subject-id is passed to the x500Name-equal function it
> > > expects its arguments to be in x500 name format.
> > >
> > > So data type does not add value here.
> > >
> > > Another problem is that we can not access DataType attribute with
> > > AttributeDesignator.
> > >
> > > Proposal: remove DataType attribute from the <xacml-context:Attribute>.
> > >
> > > Simon
> > >
> > >
> >
> >
> >
> >
>
>
>
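The two readings of the designator raised in the quoted message, side by side, as an added example that is not part of the thread or of any XACML draft. The function names, the `strict` switch and the simplified rfc822Name parser (one `@`, domain compared case-insensitively) are assumptions made for illustration; the request contexts are constructed from the values quoted above.

```python
from enum import Enum

class Result(Enum):
    TRUE = "true"
    FALSE = "false"
    INDETERMINATE = "indeterminate"

def parse_rfc822name(text):
    """Simplified stand-in parser (assumption): local@domain, no spaces.
    Returns (local, lower-cased domain), or None if text is not a valid form."""
    text = text.strip()
    local, sep, domain = text.partition("@")
    if not sep or not local or not domain or "@" in domain or " " in text:
        return None
    return (local, domain.lower())

def designate(request, attribute_id, strict):
    """Bag of rfc822Names under attribute_id, or None meaning Indeterminate.
    strict=True:  one unparseable value makes the designator Indeterminate.
    strict=False: unparseable values are silently left out of the bag."""
    bag = []
    for attr_id, value in request:
        if attr_id != attribute_id:
            continue
        parsed = parse_rfc822name(value)
        if parsed is None:
            if strict:
                return None
            continue
        bag.append(parsed)
    return bag

def subject_match(request, attribute_id, literal, strict):
    """rfc822Name-equal of the policy literal against the designated bag."""
    wanted = parse_rfc822name(literal)
    bag = designate(request, attribute_id, strict)
    if wanted is None or bag is None:
        return Result.INDETERMINATE
    return Result.TRUE if wanted in bag else Result.FALSE

# Constructed request contexts: (AttributeId, AttributeValue) pairs.
DN_ONLY = [("subject-id", "CN=Simon Godik, O=OverXeer, OU=Research")]
MIXED = DN_ONLY + [("subject-id", "simon@godik.com")]

if __name__ == "__main__":
    for name, req in (("DN_ONLY", DN_ONLY), ("MIXED", MIXED)):
        for strict in (True, False):
            outcome = subject_match(req, "subject-id", "simon@godik.com", strict)
            print(name, "strict" if strict else "filter", outcome.value)
```

With both a DN and an e-mail address under "subject-id", the strict reading yields indeterminate while the filtering reading yields a match, so the choice changes what a rule hands to its combining algorithm.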


