OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xacml] Name for match element inSubjectQualifier/SubjectAttributeDesignatorWhere

------- forwarded for Seth Proctor-----------
This is a followup to my last email on Match types in the
SubjectQualifier ([xacml] Problem in
SubjectQualifier/SubjectAttributeDesignatorWhere). If I'm right,
and that structure needs to change, I would like to request that
it not have the same name as the other match objects (ie, it
should not be called something that looks like
SubjectMatchType). While it is similar in structure to the other
match types, the "match" elements used in the qualifer are
symantically an entirely different thing, and should therefore be
logically separated by using a different name, and should not be
covered by the same explanitory text in the spec.

This has confused me all morning, while I've been trying to figure out how to
re-use my existing matching code for the SubjectQualifier...I finally figured
out that my matching code is completely different than what goes in the
qualifier, and that's why I was confused. Reading the spec, the suggestion is
that the matching in the qualifier is the same as the matching in the targets,
which is simply not the case. I would suggest the following to help clarify
things:

  <xs:complexType name="SubjectQualifierType">
    <xs:complexContent>
      <xs:extension base="xacml:AttributeDesignatorType">
        <xs:sequence>
          <xs:element ref="xacml:Qualifier minOccurs="0" maxOccurs="unbounded/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- this fixes the naming problem & the problem raised in my last mail -->
  <xs:element name="Qualifier" type="QualifierType"/>
  <xs:complexType name="QualifierType">
    <xs:sequence>
      <xs:choice>
        <xs:element ref="xacml:AttributeDesignator"/>
        <xs:element ref="xacml:AttributeSelector"/>
      </xs:choice>
      <xs:element ref="xacml:AttributeValue"/>
    </xs:sequence>
    <!-- is this currently QName or anyURI? -->
    <xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
  </xs:complexType>

If this makes sense, I will propose language today to include in the spec to
accompany these types.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC