[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Change request on Section 7
Change request on Section 7 I think the order of subsections does not reflect the importance of the functional requirements. I would suggest to change the orders as follows: 7.1 Policy Set evaluation 7.2 Policy evaluation 7.3 Rule evaluation 7.4 (new section) Attribute retrieval from Request Context 7.5 Missing attributes 7.6 Hierarchical resources 7.7 LDAP attributes Section 7.4 is a new section. This section is necessary because we decided to introduce DataType attribute in Context and Policy. AttributeDesignator or AttributeSelector retrieves corresponding attributes in RequestContext by its name and data type specified in the AttributeDesignator or AttributeSelector. For example, if there are two startDate attribute specified in the context whose first attribute has xs:string DataType attribute while whose second attribute has xs:date DataType attribute, and if a policy specifies an EnvironmentAttributeDesignator which includes the startDate as an AttributeId and xs:string as DataType, that attribute desigantor should retrieve only the first attribute not the second attribute. If two data types specified in attribute designator and request context do not match, then appropriate type conversion is performed. Appropriate type conversions are one of the following: any type can be converted into xs:string and xs:string can be converted into other data type if the format is compliant. Michiharu Kudo IBM Tokyo Research Laboratory, Internet Technology Tel. +81 (46) 215-4642 Fax +81 (46) 273-7428
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC