[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] URI match function
Anne Anderson wrote: > On 12 May, Tim Moses writes: RE: [xacml] URI match function > > 1. the "scheme" part matches by string-equals; > > "scheme" is case-independent. > > > 2. the "server" part matches by dnsName-match; and > > 3. the "path" part matches by initial substring. > > Since the URI specification requires that hierarchical components > in a URI be separated by "/", you might want to specify that the > "path" part matches an initial set of hierarchical components in > the other value. hmmm... this brings up an interesting thought: what about polices that use relative references? (e.g. "./foo*.html") although legal URIs, how (and where) would one go about dereferencing them for evaluation using the idea above? regex would seem to provide the most flexible solution in that case i would think. i am trying to think of the limitations of this approach and i can't really think of any (other than seth and i trying to agree on what the regex expressions would look like ;o) conversely, i am not sure what a modular (i.e. domain/path/resource) matching mechanism would provide in terms of benefits. what am i missing? b
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]