

Subject: RE: [xacml] urn:oasis:names:tc:xacml:1.0:function:present



We have to be thorough on treatment of this function. I believe we would
need four "isPresent" functions, one each for subject, resource, action,
and environment.

I can see why this function got left in the lurch, but I do believe IT
IS NEEDED.

I'd rather have a formal way to make decisions based on presence of
attribute values, instead of relying on forcing ERROR conditions to
calculate policy decisions.

I believe the "present" functions would have to have multiple arguments,
to match the semantics of the attribute designators. We would need the URI
for the attribute id, the datatype, and the issuer.

urn.oasis.....function:subject-attribute-is-present

This function SHALL take four arguments. The first argument is one of
data-type "...anyURI", which matches by URI equality the subject-category.
The second argument is one of data-type "...anyURI", which matches by URI
equality the id of the attribute(s). The third argument is one of data
type, "...anyURI", which matches by URI equality, the data-type of the
attribute(s). The fourth argument is a string that matches by string
equality, the issuer of the attribute, otherwise may contain the string
value of "*" to match any issuer.

urn.oasis.....function:*-attribute-is-present
        (where * is one of resource, action, or environment)

This function SHALL take arguments. The first argument is one of data-type
"...anyURI", which matches by URI equality the id of the attribute(s). The
second argument is one of data type, "...anyURI", which matches by URI
equality, the data-type of the attribute(s). The third argument is a
string that matches by string equality, the issuer of the attribute,
otherwise may contain the string value of "*" to match any issuer.

Did I just make the problem way too hard?

-Polar


On Mon, 28 Jun 2004, Tim Moses wrote:

> Colleagues - If we are to retain the function "present", how about this as a
> definition?
>
> urn:oasis:names:tc:xacml:1.0:function:present
>
> This function SHALL take one argument of data-type
> "http://www.w3.org/2001/XMLSchema#anyURI" and SHALL return a
> "http://www.w3.org/2001/XMLSchema#boolean".  The return value SHALL be
> "True" if there exists anywhere in the request context an attribute with an
> attributeId attribute whose value is the same as that of the function
> argument, according to the
> urn:oasis:names:tc:xacml:1.0:function:anyURI-equal function.  Otherwise, it
> SHALL return "False".
>
> What do you think?
>
> All the best.  Tim.
>
>
>
>
> -----Original Message-----
> From: Polar Humenn [mailto:polar@syr.edu]
> Sent: Thursday, June 24, 2004 8:34 AM
> To: Seth Proctor
> Cc: Tim Moses; 'XACML'
> Subject: Re: [xacml] urn:oasis:names:tc:xacml:1.0:function:present
>
>
>
> I don't think we trashed that function. Did we? What was confusing about it?
> I don't recall. -Polar
>
> (won't make the conference call today. I'm at the OMG meeting.)
>
> -Polar
>
> On Tue, 22 Jun 2004, Seth Proctor wrote:
>
> > On Tue, 2004-06-22 at 16:18, Tim Moses wrote:
> > > Colleagues - We list the function
> > > "urn:oasis:names:tc:xacml:1.0:function:present" as "mandatory" in
> > > the conformance section.  But, I can't see a definition for it.  Can
> > > anyone explain?  All the best.  Tim.
> >
> > Late into the 1.0 work there was a present function for determining if
> > a value was present, but the semantics got too confused so we trashed
> > it and instead created the MustBePresent attribute on Designators and
> > Selectors. I suspect it's just a mistake that the attribute was left
> > in. I suggest it should be removed.
> >
> >
> > seth
> >
> >
> >
>
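
Added example (not part of the original thread and not XACML TC text): a Python sketch comparing the single-argument `present` definition quoted above with the per-section `*-attribute-is-present` form proposed in the reply. The request-context model, the `Attr` class, the sample attributes, plain string comparison as a stand-in for URI equality, and treating an attribute with no issuer as matching only the "*" wildcard are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

XS = "http://www.w3.org/2001/XMLSchema#"
ACCESS_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
ROLE = "urn:example:attribute:role"      # constructed attribute id
OWNER = "urn:example:attribute:owner"    # constructed attribute id
ANY_ISSUER = "*"                         # wildcard issuer from the proposal

@dataclass(frozen=True)
class Attr:
    section: str                         # subject | resource | action | environment
    attribute_id: str
    data_type: str
    issuer: Optional[str] = None
    subject_category: Optional[str] = None

# Constructed request context: the same id appears under two sections,
# with different data-types and issuers.
REQUEST = [
    Attr("subject", ROLE, XS + "string", "hr.example.com", ACCESS_SUBJECT),
    Attr("resource", OWNER, XS + "string"),
    Attr("environment", ROLE, XS + "anyURI", "unknown.example.net"),
]

def present(ctx, attribute_id):
    """Single-argument form: true if the id occurs anywhere in the context."""
    return any(a.attribute_id == attribute_id for a in ctx)

def attribute_is_present(ctx, section, attribute_id, data_type, issuer,
                         subject_category=None):
    """Per-section form: section, id, data-type and issuer must all match."""
    for a in ctx:
        if (a.section, a.attribute_id, a.data_type) != (section, attribute_id, data_type):
            continue
        if section == "subject" and a.subject_category != subject_category:
            continue
        # Assumption: an attribute without an issuer matches only the wildcard.
        if issuer == ANY_ISSUER or a.issuer == issuer:
            return True
    return False

if __name__ == "__main__":
    print(present(REQUEST, ROLE))
    print(attribute_is_present(REQUEST, "resource", ROLE, XS + "string", ANY_ISSUER))
    print(attribute_is_present(REQUEST, "subject", ROLE, XS + "string",
                               "hr.example.com", ACCESS_SUBJECT))
```

In this constructed context the id-only check is true for the role id although no resource attribute carries it, while the per-section form separates the subject attribute from the environment attribute that shares its id.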

