[xacml] IsPresent semantics

[Polar Humenn <polar@syr.edu>]

I'm writing up the semantics for the *IsPresent elements, and I want your
immediate feed back for this ResourceAttributeIsPresent text, as the other
elements will just probably be a cut and paste of it with the names
changed.

Note, that this text should also apply to the *AttributeDesignator
elements as well, as they are close counterparts.

Q: What about QName equality? See match on DataType.



5.1.x Element <ResourceAttributeIsPresent>

The <ResourceAttributeIsPresent> element SHALL result in true if the
named resource attribute can be located from within the <Resource>
element of the <xacml-context:Request> element. A result of true SHALL
mean that an <ResourceAttributeDesignator> element for this named
attribute will return a bag consisting of at least one attribute value.
The MustBePresent attribute governs whether this element returns false
or indeterminate in the case of finding no value for the named attribute
in the request context. In this case, if the MustBePresent attribute is
set to false, which is its default value, this element SHALL result in
false. However, for this case, if the MustBePresent attribute is set to
true, the expression SHALL result in indeterminate. Regardless of the
MustBePresent attribute, if it cannot be determined whether the
attribute is present or not present in the request context, or the value
of the attribute is unavailable, then the expression SHALL result in
indeterminate.

A resource attribute SHALL be considered present if at least one
attribute exists within the <Resource> in the <xacml-context:Request>
element that matches the values of their corresponding AttributeId,
DataType, and Issuer attributes. The AttributeId attribute MUST match,
by string equality on the URIs, that of the AttributeId attribute of the
<xacml-context:Attribute> element. The DataType attribute MUST match, by
string [Qname?] equality, that of the DataType attribute of the same
<xacml-context:Attribute> element. If the Issuer attribute of this
<ResourceAttributeIsPresent> element is supplied, it MUST match, by
string equality, the Issuer attribute of the same
<xacml-context:Attribute> element. If the Issuer attribute of this
<ResourceAttributeIsPresent> element is not supplied, presence SHALL be
governed by AttributeId and DataType attributes alone, regardless of the
Issuer attribute of the same <xacml-context:Attribute> element even if
the Issuer attribute is not supplied in the located
<xacml-context:Attribute> element.

The <ResourceAttributeIsPresent> MAY be passed to the <Apply> element as
an argument.

    <xs:element name="ResourceAttributeIsPresent"
                type="xacml:AttributeDesignatorType"/>

The <ResourceAttributeIsPresent> element is of the
AttributeDesignatorType complex type.

The <ResourceAttributeIsPresent> element has the following attributes:

AttributeId [Required]

    This attribute SHALL specify the AttributeId of which to match the
    attribute.

DataType [Required]

    This attribute SHALL specify the DataType of which to match the
    attribute.

Issuer [Optional]

    This attribute, if supplied, SHALL specify the Issuer of which to
    match the attribute.

MustBePresent [Optional]

    This attribute, if set to "false," specifies that this element SHALL
    result in false if no matching attributes can be found. This
    attribute, if set to "true," specifies that this element SHALL
    result in indeterminate if no matching attributes can be found. If
    this attribute is not supplied, its default value SHALL be "false".