OASIS Mailing List Archives

xacml message

Subject: Re: [xacml] bags and targets. Forwarded message from Seth Proctor.




This sentence means exactly what it says. If the selector or
designator evaluates to an empty bag, then there is no match, i.e. the
match "predicate" is False.

The match predicate is akin to asking, "Do you have one or more of any
subject ids that match 'john.*'?" If you have none, then False; if you have
at least one, then True.

This is a composition of three functions: an Attribute Designator, i.e.
"Get me all subject ids"; a match filter, i.e. "that match 'john.*'"; and a
length predicate, "length > 0".

Regardless of the match filter, if you have zero elements to start with,
you will end up with zero elements after you apply the match filter, and
therefore, vacuously, you don't have a match.

Cheers,
-Polar



On Thu, 17 Oct 2002, Anne Anderson wrote:

> ------- start of forwarded message -------
> From: Seth Proctor <seth.proctor@sun.com>
>
> After a careful re-read of section A.11, I've decided that most of the text
> looks fine. The one sentence I've got problems with is in Paragraph 3, lines
> 3459-3461:
>
>   If the <AttributeDesignator> or <AttributeSelector> element evaluates
>   to an empty bag, then the result of the expression SHALL be "False".
>
> It seems to me that an empty bag only happens if you can't resolve a value
> for the attribute in question...could this actually mean something else? The
> only thing I could think of is an Attribute in the Request that matched but
> had no AttributeValues in it (this strikes me as a weird case, but since it's
> allowed, this is possible). If this is the case being described, then this
> should be explained so it's clear. If this is not the case, then isn't an
> empty bag really an Indeterminate case? There isn't much discussion elsewhere
> about what exactly AD/AS objects are expected to return, so maybe more text
> in section 5 would help clarify this situation.
>
> I'm also a little uneasy about the language because it borders on defining
> programming interfaces, but I don't want to propose alternate language until
> I understand what's really being described here. What does this sentence mean?
>
> seth
> ------- end of forwarded message -------
>
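
The three-function composition described in the reply above (designator, match filter, length predicate), as an added Python sketch that is not part of the original thread or of the XACML specification. The request dictionary, the function names and the use of Python's `re.fullmatch` as the match function are assumptions made for illustration.

```python
import re

# Constructed request context: attribute id -> bag (list) of values.
REQUEST = {
    "subject-id": ["john.smith", "jsmith@example.com"],
    "role": [],  # attribute present in the request but carrying no values
}

def designator(request, attribute_id):
    """'Get me all subject ids': the bag of values, empty if none resolve."""
    return list(request.get(attribute_id, []))

def match_filter(bag, pattern):
    """'that match john.*': keep only the values the pattern matches."""
    rx = re.compile(pattern)  # assumption: Python regex stands in for the match function
    return [value for value in bag if rx.fullmatch(value)]

def target_match(request, attribute_id, pattern):
    """'length > 0': True when at least one value survives the filter."""
    return len(match_filter(designator(request, attribute_id), pattern)) > 0

def explain(request, attribute_id, pattern):
    """Return each stage of the composition so the False cases can be audited."""
    bag = designator(request, attribute_id)
    matched = match_filter(bag, pattern)
    return {"bag": bag, "matched": matched, "result": len(matched) > 0}

if __name__ == "__main__":
    cases = [
        ("subject-id", r"john.*"),  # one value matches -> True
        ("subject-id", r"mary.*"),  # values exist, none match -> False
        ("role", r".*"),            # present but empty bag -> False
        ("group", r".*"),           # attribute absent, empty bag -> False
    ]
    for attribute_id, pattern in cases:
        print(attribute_id, pattern, explain(REQUEST, attribute_id, pattern))
```

The last two cases use a pattern that matches every string and still return False, because an empty bag gives the filter nothing to keep.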


