[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: problem with status detail
[apologies in advance if someone has already caught this...I know there are discussions about status, but I haven't seen this issue discussed yet] In 6.15 there is an explination for what detail to include with the missing-attribute status code: Attributes specify one or more missing values, and if an AttributeValue is included, then this specifies an acceptable value. If no AttributeValue is included, then the PDP is specifying the identifier and datatype only. Sounds good. The problem is that at some point the Attribute type was changed from <xs:element ref="xacml-context:AttributeValue" minOccurs="0"/> to <xs:element ref="xacml-context:AttributeValue"/> This means that it's no longer valid to have an Attribute with no AttributeValue. So, I don't think it's possible for the PDP to specify a missing attribute without specifying at least one acceptable value (note that even an empty AttributeValue tag, which is still legal, is still technically a value). Do others agree? If so, I think this is a problem. PDPs need a way to specify missing attributes without providing acceptable values. Thoughts? The easiest way to fix this is to allow AttributeValue to be optional, but I suspect that may not be acceptable. The other option is to create a new element to specify just the meta-data. seth
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]