[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Request Context Attribute question
Polar Humenn wrote: > Q1: How is equality amongst attributes defined? Which components matter? > attribute-id > data-type > issuer > issue-instant? > attribute-value > > We only have facility to match on attribute-id, data-type, and issuer, > correct? That's my understanding. A designator requires a datatype and id, which must match. You may also supply an issuer, which also must match. The issue-instant may be useful in a selector, but there's nothing in the XACML specification that talks about matching using this value. The same is true for values. > Q2: Do we have a requirement for multiple EQUAL attributes? (i.e. the same > attribute-id, data-type, issuer, (issuer-instant?), AND THE SAME > VALUE? > > To phrase it differently, For example, does anybody have a requirement > to get 3 attributes of the same value? I don't know that there is a requirement, but it is certainly supported. You are allowed to have as many attribute values as you like with the same id and datatype, and there are no rules that these attributes can't have the same value. I know that doesn't really answer your question, but I thought I'd at least provide some data :) FWIW, it seems to me that a requirement here might imply a requirement for "is present" and/or "is not present." seth
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]