OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Context attribute clarification


Colleagues - Rebekah has pointed out some inconsistencies in the way we deal
with attributes in the request context.  Below are two examples of
attributes.

In the first case, we have a multi-valued attribute of primitive type.  This
is relatively straightforward.  The data-type is defined in the <Attribute>
element.  In this case, the <AttributeValue> element SHOULD NOT have any xml
attributes.

<xacml-context:Attribute AttributeId="urn:com:food:favouriteVegetables"
DataType="http://www.w3.org/2001/XMLSchema#string";>
 <xacml-context:AttributeValue>Brocolli</xacml-context:AttributeValue>
 <xacml-context:AttributeValue>Parsnip</xacml-context:AttributeValue>
</xacml-context:Attribute>

A matching <SubjectAttributeDesignator> or <AttributeSelector> would return
a bag containing two strings.

In the second case, we have a multi-valued attribute of complex type.

<xacml-context:Attribute xmlns:Food="urn:com:food"
AttributeId="Food:favouriteMeals" DataType="Food:Dish">
 <xacml-context:AttributeValue>
  <Food:Dish BestSeason="Fall">
   <Food:Main>Potato pie</Food:Main>
   <Food:Veg>Brocolli</Food:Veg>
  </Food:Dish>
  <Food:Dish BestSeason="Fall">
   <Food:Dessert>Apple pie</Food:Dessert>
   <Food:Topping>Double Devon cream</Food:Topping>
  </Food:Dish>
 </xacml-context:AttributeValue>
 <xacml-context:AttributeValue>
  <Food:Dish BestSeason="Spring">
   <Food:Main>Asparagus quiche</Food:Main>
   <Food:Salad>Spinach</Food:Salad>
  </Food:Dish>
  <Food:Dish BestSeason="Spring">
   <Food:Dessert>Crème brulée</Food:Dessert>
  </Food:Dish>
 </xacml-context:AttributeValue>
</xacml-context:Attribute>

A matching <SubjectAttributeDesignator> or <AttributeSelector> would return
a bag containing four <Food:Dish> elements.

In this case, the <Attribute> element DataType attribute contains the QName
of the attribute element.  Additionally, the namespace has to be declared.

Conclusion: the DataType attribute of the <Attribute> element should be
required.  If the <AttributeValue> is of primitive type, the DataType
attribute MUST contain the type identifier of the attribute as a URI.  Also,
in this case, the xml attribute in the <AttributeValue> element MUST be
omitted.

If the <AttributeValue> element has complex contents, then the namespace
MUST also be declared and it is RECOMMENDED that it be declared in the
<Attribute> element.  Also, in this case, the DataType attribute of the
<Attribute> element MUST contain the QName of the attribute element.  The
<AttributeValue> element may contain xml attributes.

Is this consistent with everyone's thinking?  All the best.  Tim.

-----------------------------------------------------------------
Tim Moses
613.270.3183


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]