

Subject: Proposal for XACML 2.0 Work Item #62: "concatenate" functions


Proposal for XACML 2.0 Work Item #62: "concatenate" functions

Contents
========
Problem statement
Solution overview
Proposed Functions

Problem statement
=================

One use case supplied by Daniel and described as "very common"
follows:

Policies may apply to resources whose identities are
subject-specific instances of a given resource class.  For
example, each subject may have a unique home directory, but each
subject will have a subdirectory named "private" in that home
directory.  The policy writer wants to allow subjects to access
only their own "private" sub-directories.

Solution overview
=================

The proposed solution provides functions for concatenating
AttributeValue values.  As an example of using such a function, a
policy might construct the resource to be protected by concatenating
a PEP-supplied Subject Attribute for the "home directory" value
with "/private".  Even more generally, the policy might construct
the directory path to be protected from the user's subject-id by
concatenating "/home/", the subject-id, and "/private".

Note that concatenation is not meaningful for all XACML data
types.  The two functions proposed below have clear applications
and should be included in XACML 2.0.  There may be other
concatenation functions that should be defined in the future.

Proposed Functions
==================

A. urn:oasis:names:tc:xacml:2.0:function:string-concatenate

This function SHALL take two or more arguments of data-type
"http://www.w3.org/2001/XMLSchema#string" and SHALL return a
"http://www.w3.org/2001/XMLSchema#string".  The result SHALL be
the concatenation, in order, of the arguments.

B. urn:oasis:names:tc:xacml:2.0:function:url-string-concatenate

This function SHALL take one argument of data-type
"http://www.w3.org/2001/XMLSchema#anyURI" and one or more
arguments of type "http://www.w3.org/2001/XMLSchema#string", and
SHALL return a "http://www.w3.org/2001/XMLSchema#anyURI".  The
result SHALL be the URI constructed by appending, in order, the
"string" arguments to the "anyURI" argument.

Anne
-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
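
The following is an added example, not part of the original message or of any XACML implementation: a Python sketch of the semantics of the two proposed functions, applied to the "private" sub-directory use case. The AttributeValue class, the helper names, and the subject-id separator check are assumptions made for illustration.

```python
from dataclasses import dataclass

XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
XS_ANYURI = "http://www.w3.org/2001/XMLSchema#anyURI"

@dataclass(frozen=True)
class AttributeValue:          # hypothetical stand-in for a typed XACML value
    data_type: str
    value: str

def xs_string(v):
    return AttributeValue(XS_STRING, v)

def _require(args, expected, fn):
    for a in args:
        if a.data_type != expected:
            raise TypeError(f"{fn}: expected {expected}, got {a.data_type}")

def string_concatenate(*args):
    """Two or more xs:string arguments -> xs:string, joined in order."""
    if len(args) < 2:
        raise ValueError("string-concatenate takes two or more arguments")
    _require(args, XS_STRING, "string-concatenate")
    return xs_string("".join(a.value for a in args))

def url_string_concatenate(base, *suffixes):
    """One xs:anyURI, then one or more xs:string -> xs:anyURI."""
    if not suffixes:
        raise ValueError("url-string-concatenate takes one or more strings")
    _require([base], XS_ANYURI, "url-string-concatenate")
    _require(suffixes, XS_STRING, "url-string-concatenate")
    return AttributeValue(XS_ANYURI,
                          base.value + "".join(s.value for s in suffixes))

def may_access_private(subject_id, resource_id):
    """Permit only if resource_id is "/home/" + subject-id + "/private"."""
    # Assumption (not in the proposal): refuse subject-ids that contain a
    # path separator or are empty/dot segments, so the concatenated path
    # always stays inside that one subject's home directory.
    if "/" in subject_id or subject_id in ("", ".", ".."):
        return False
    protected = string_concatenate(
        xs_string("/home/"), xs_string(subject_id), xs_string("/private"))
    return protected == xs_string(resource_id)
```

The comparison is exact string equality, so the PEP has to supply the resource path in the same canonical form the policy constructs.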


