[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] bags and targets. Forwarded message from Seth Proctor.
------- start of forwarded message ------- From: Seth Proctor <seth.proctor@sun.com> After a careful re-read of section A.11, I've decided that most of the text looks fine. The one sentence I've got problems with is in Paragraph 3, lines 3459-3461: If the <AttributeDesignator> or <AttributeSelector> element evaluates to an empty bag, then the result of the expression SHALL be "False". It seems to me that an empty bag only happens if you can't resolve a value for the attribute in question...could this actually mean something else? The only thing I could think of is an Attribute in the Request that matched but had no AttributeValues in it (this strikes me as a wierd case, but since it's allowed, this is possible). If this is the case being described, then this should be explained so it's clear. If this is not the case, then isn't an empty bag really an Indterminate case? There isn't much discussion elsewhere about what exactly AD/AS objects are expected to return, so maybe more text in section 5 would help clarify this situation. I'm also a little uneasy about the language because it borders on defining programming interfaces, but I don't want to propose alternate language until I understand what's really being described here. What does this sentence mean? seth ------- end of forwarded message -------
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC