OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] problem with status detail


Seth there are problems with your approach. below.

On Sun, 26 Oct 2003, seth proctor wrote:

>
> [apologies in advance if someone has already caught this...I know there
> are discussions about status, but I haven't seen this issue discussed yet]
>
> In 6.15 there is an explination for what detail to include with the
> missing-attribute status code: Attributes specify one or more missing
> values, and if an AttributeValue is included, then this specifies an
> acceptable value. If no AttributeValue is included, then the PDP is
> specifying the identifier and datatype only. Sounds good.
>
> The problem is that at some point the Attribute type was changed from
>
>    <xs:element ref="xacml-context:AttributeValue" minOccurs="0"/>
>
> to
>
>    <xs:element ref="xacml-context:AttributeValue"/>
>
> This means that it's no longer valid to have an Attribute with no
> AttributeValue.

That is correct.

> So, I don't think it's possible for the PDP to specify a missing
> attribute without specifying at least one acceptable value (note that
> even an empty AttributeValue tag, which is still legal, is still
> technically a value). Do others agree? If so, I think this is a problem.
> PDPs need a way to specify missing attributes without providing
> acceptable values.

I don't get what you mean by the PDP specifying an missing attribute?

If an attribute designator always returns a Bag of values.

It is the solid condition that the sought after attribute is considered
missing IF AND ONLY IF the bag is empty.

That is why the AttributeValue was changed to having at least 1.

-Polar

>
> Thoughts? The easiest way to fix this is to allow AttributeValue to be
> optional, but I suspect that may not be acceptable. The other option is
> to create a new element to specify just the meta-data.
>
>
> seth
>
>
> To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php.
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]