
xacml message



Subject: URI match function






I have a question on the url-match function proposed by Tim.
(I would prefer uri-match to url-match though)
According to his proposal, is the following correct?

1st arg     2nd arg     result
/a/b        /a/b        match
/a/b        /a          no match
/a/b/*      /a/b        no match
/a/b/*      /a/b/       match
/a/b/*      /a/b/c      match
/a/b/*      /a/b/c/d    match

IMO, /a/b/* should match only e.g. /a/b/c and /a/b/d.

So I would like to propose another URI mapping that addresses
hierarchical structure.
For example, / matches any path such as /a, /a/b.
/a matches any path that starts with /a. So /a matches
/a, /a/b, /a/b/c, /a/d etc.
Since the path specified as the first argument always propagates
through the hierarchy, the function might be called
"uri-match-with-propagation".

Best
Michiharu
--------------------------------------
Posted by Tim Moses

Colleagues - Here is a draft of the proposed URL-match function (with help
from JSR 115).  All the best.  Tim.

urn:oasis:names:tc:xacml:2.0:function:url-match

This function takes two arguments of type
http://www.w3.org/2001/XMLSchema#anyURI and SHALL return an
http://www.w3.org/2001/XMLSchema#boolean.  It SHALL return "True" if all of
the following conditions hold.  Otherwise, it SHALL return "False".

1.    The scheme part of both arguments SHALL be the same and SHALL be
either "http", "https" or "file".  The scheme parts MAY be compared using
urn:oasis:names:tc:xacml:1.0:function:string-equal, once both parts have
been normalized to upper-case.
2.    The authority part of the first argument SHALL match the authority
part of the second argument by either
urn:oasis:names:tc:xacml:2.0:function:ipAddress-match or
urn:oasis:names:tc:xacml:2.0:function:dnsName-match.
3.    The path part of the first argument SHALL match the path part of the
second argument in at least one of the following ways.
3a    The path part of the first argument matches the path part of the
second argument by urn:oasis:names:tc:xacml:1.0:function:string-equal.
3b    The path part of the first argument is the string "/*".
3c    The path part of the first argument starts with "/" and ends with
"/*" and the path part of the second argument starts with the same string as
the path part of the first argument, minus its last 2 characters, and the
next character of the path part of the second argument, if present, is "/".
3d    The path part of the first argument starts with "*." and the path
part of the second argument ends with the same string as the path part of
the first argument, minus its first 2 characters.
3e    The path part of the first argument is the special string, "/",
which matches all other paths.
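
Added example, not part of the original messages or of any XACML implementation: a literal Python reading of path conditions 3a-3e from the draft, run over the argument pairs in the table above plus a few constructed edge cases. The names `path_match`, `CASES` and `evaluate` are assumptions, and conditions 1 and 2 (scheme and authority) are out of scope.

```python
def path_match(pattern: str, path: str) -> bool:
    """Literal reading of path conditions 3a-3e (first argument = pattern)."""
    if pattern == path:                      # 3a: string-equal
        return True
    if pattern in ("/*", "/"):               # 3b and 3e: match every path
        return True
    if pattern.startswith("/") and pattern.endswith("/*"):   # 3c
        prefix = pattern[:-2]                # pattern minus its last 2 characters
        if not path.startswith(prefix):
            return False
        rest = path[len(prefix):]
        # The next character, if present, must be "/", so the prefix
        # match cannot end in the middle of a path segment.
        return rest == "" or rest[0] == "/"
    if pattern.startswith("*."):             # 3d
        # The draft strips the first 2 characters ("*."), so the dot
        # itself is not part of the suffix that is compared.
        return path.endswith(pattern[2:])
    return False


# Rows 1-6 are the argument pairs from the table in the message;
# the remaining rows are constructed edge cases.
CASES = [
    ("/a/b", "/a/b"),
    ("/a/b", "/a"),
    ("/a/b/*", "/a/b"),
    ("/a/b/*", "/a/b/"),
    ("/a/b/*", "/a/b/c"),
    ("/a/b/*", "/a/b/c/d"),
    ("/a/b/*", "/a/bc"),         # constructed: sibling sharing a string prefix
    ("*.jsp", "/a/index.jsp"),   # constructed: extension pattern
    ("*.jsp", "/a/xjsp"),        # constructed: suffix without the dot
    ("/", "/a/b"),               # constructed: 3e
]


def evaluate(cases=CASES):
    """Return (pattern, path, result) for every pair."""
    return [(pat, p, path_match(pat, p)) for pat, p in cases]


if __name__ == "__main__":
    for pat, p, ok in evaluate():
        print(f"{pat:<8} {p:<14} {'match' if ok else 'no match'}")
```

Read literally, 3c returns a match for /a/b/* against /a/b, because the next-character test applies only when a next character is present. Likewise 3d compares only the text after "*.", so a path ending in "xjsp" also satisfies "*.jsp".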


