OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [xacml] urn:oasis:names:tc:xacml:1.0:function:present


I do not feel strongly about it.  I think MustBePresent usually
works.  If someone wants to avoid errors where an attribute is
not present, they either put the test for the attribute in the
Target, or set MustBePresent=false and test for the size of the
resulting bag.

Anne

On 29 June, Tim Moses writes: RE: [xacml] urn:oasis:names:tc:xacml:1.0:function:present
 > From: Tim Moses <tim.moses@entrust.com>
 > To: 'Polar Humenn' <polar@syr.edu>, 'XACML' <xacml@lists.oasis-open.org>
 > Subject: RE: [xacml] urn:oasis:names:tc:xacml:1.0:function:present
 > Date: Tue, 29 Jun 2004 13:30:21 -0400
 > 
 > Polar - Yeah.  That is more complicated.  Do people feel this is
 > functionality we have to have?
 > 
 > All the best.  Tim.
 > 
 > -----Original Message-----
 > From: Polar Humenn [mailto:polar@syr.edu] 
 > Sent: Monday, June 28, 2004 1:02 PM
 > To: 'XACML'
 > Subject: RE: [xacml] urn:oasis:names:tc:xacml:1.0:function:present
 > 
 > 
 > 
 > We have to be thorough on treatment of this function. I believe we would
 > need four "isPresent" functions, one each for subject,resource, action, and
 > environment.
 > 
 > I can see why we this function got left in the lurch, but I do believe IT IS
 > NEEDED,
 > 
 > I'd rather have a formal way to make decisions based on presence of
 > attribute values, instead of relying on forcing ERROR conditions to
 > calculate policy decisions.
 > 
 > I believe the "present" functions would have to have multiple arguments, to
 > match the semantics of the attribute designators. We would need the URI for
 > the attribute id, the datatype, and the issuer.
 > 
 > urn.oasis.....function:subject-attribute-is-present
 > 
 > This function SHALL take four arguments. The first argument is one of
 > data-type "...anyURI", which matches by URI equality the subject-category.
 > The second argument is one of data-type "...anyURI", which matches by URI
 > equality the id of the attribute(s). The third argument is one of data type,
 > "...anyURI", which matches by URI equality, the data-type of the
 > attribute(s). The fourth argument is a string that matches by string
 > equality, the issuer of the attribute, otherwise may contain the string
 > value of "*" to match any issuer.
 > 
 > urn.oasis.....function:*-attribute-is-present
 >         (where * is one of resource, action, or environment)
 > 
 > This function SHALL take arguments. The first argument is one of data-type
 > "...anyURI", which matches by URI equality the id of the attribute(s). The
 > second argument is one of data type, "...anyURI", which matches by URI
 > equality, the data-type of the attribute(s). The third argument is a string
 > that matches by string equality, the issuer of the attribute, otherwise may
 > contain the string value of "*" to match any issuer.
 > 
 > Did I just make the problem way too hard?
 > 
 > -Polar
 > 
 > 
 > On Mon, 28 Jun 2004, Tim Moses wrote:
 > 
 > > Colleagues - If we are to retain the function "present", how about 
 > > this as a definition?
 > >
 > > urn:oasis:names:tc:xacml:1.0:function:present
 > >
 > > This function SHALL take one argument of data-type 
 > > "http://www.w3.org/2001/XMLSchema#anyURI"; and SHALL return a 
 > > "http://www.w3.org/2001/XMLSchema#boolean";.  The return value SHALL be 
 > > "True" if there exists anywhere in the request context an attribute 
 > > with an attributeId attribute whose value is the same as that of the 
 > > function argument, according to the 
 > > urn:oasis:names:tc:xacml:1.0:function:anyURI-equal function.  
 > > Otherwise, it SHALL return "False".
 > >
 > > What do you think?
 > >
 > > All the best.  Tim.
 > >
 > >
 > >
 > >
 > > -----Original Message-----
 > > From: Polar Humenn [mailto:polar@syr.edu]
 > > Sent: Thursday, June 24, 2004 8:34 AM
 > > To: Seth Proctor
 > > Cc: Tim Moses; 'XACML'
 > > Subject: Re: [xacml] urn:oasis:names:tc:xacml:1.0:function:present
 > >
 > >
 > >
 > > I don't think we trashed that function. Did we? What was confusing 
 > > about it? I don't recall. -Polar
 > >
 > > (won't make the confernce call today. I'm a the OMG meeting.
 > >
 > > -Polar
 > >
 > > On Tue, 22 Jun 2004, Seth Proctor wrote:
 > >
 > > > On Tue, 2004-06-22 at 16:18, Tim Moses wrote:
 > > > > Colleagues - We list the function 
 > > > > "urn:oasis:names:tc:xacml:1.0:function:present" as "mandatory" in 
 > > > > the conformance section.  But, I can't see a definition for it.  
 > > > > Can anyone explain?  All the best.  Tim.
 > > >
 > > > Late into the 1.0 work there was a present function for determining 
 > > > if a value was present, but the semantics got too confused so we 
 > > > trashed it and instead created the MustBePresent attribute on 
 > > > Designators and Selectors. I suspect it's just a mistake that the 
 > > > attribute was left in. I suggest it should be removed.
 > > >
 > > >
 > > > seth
 > > >
 > > >
 > > > To unsubscribe from this mailing list (and be removed from the 
 > > > roster of the OASIS TC), go to 
 > > > http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_wor
 > > > kg
 > > > roup.php.
 > > >
 > >
 > 
 > To unsubscribe from this mailing list (and be removed from the roster of the
 > OASIS TC), go to
 > http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.p
 > hp.
 > 
 > To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php.
 > 

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]