[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml] Section B.6 - Resource attributes
Thanks Anne 1. "In the former case, the attribute identifier SHALL appear in the ResourceAttributeDesignator> element." I only included this sentence as a counterpart to the earlier sentence: "The corresponding attributes MAY appear in the <Resource> element of the request context". You are right; it's redundant. I'll take it out. 2. OK. I'll remove any restriction on the type of resource-id. 3. I'll drop the xpath attribute. 4. I'll add the document-id attribute. Can we say anything about this attribute and what it might contain? How about this? ... Draft 13 These identifiers indicate attributes of the resource. The corresponding attributes MAY appear in the <Resource> element of the request context and be accessed by means of a <ResourceAttributeDesignator> element, or by an <AttributeSelector> element that points into the <Resource> element of the request context. This attribute identifies the contents of the <xacml-context:ResourceContent> element. urn:oasis:names:tc:xacml:1.0:resource:document-id This attribute identifies the resource to which access is requested. Note: the resource to which access is requested may not be the same as the resource supplied in the <xacml-context:ResourceContent> element. urn:oasis:names:tc:xacml:1.0:resource:resource-id This attribute identifies the namespace of the top element of the contents of the <xacml-context:ResourceContent> element. In the case where the resource content is supplied in the request context and the resource namespace is defined in the resource, the PDP SHALL confirm that the namespace defined by this attribute is the same as that defined in the resource. The type of the corresponding attribute SHALL be "http://www.w3.org/2001/XMLSchema#anyURI". urn:oasis:names:tc:xacml:2.0:resource:target-namespace -----Original Message----- From: Anne Anderson [mailto:Anne.Anderson@Sun.COM] Sent: Tuesday, July 27, 2004 11:26 AM To: Tim Moses Cc: 'XACML' Subject: Re: [xacml] Section B.6 - Resource attributes On 27 July, Tim Moses writes: [xacml] Section B.6 - Resource attributes > Colleagues - Some proposed changes to Section B.6. Any comments? All the > best. Tim. > > Draft 13 > > These identifiers indicate attributes of the resource. The corresponding > attributes MAY appear in the <Resource> element of the request context and > be accessed by means of a <ResourceAttributeDesignator> element, or by an > <AttributeSelector> element that points into the <Resource> element of the > request context. In the former case, the attribute identifier SHALL appear > in the <ResourceAttributeDesignator> element. I don't understand why the last sentence is needed. If the attribute is in the <Resource> element and is accessed by means of a <ResourceAttributeDesignator> element, doesn't that mean the attribute identifier must by definition appear in the <ResourceAttributeDesignator> element? > This identifier indicates the URI of the resource. The type of the > corresponding attribute SHALL be "http://www.w3.org/2001/XMLSchema#anyURI". > urn:oasis:names:tc:xacml:1.0:resource:resource-id The Hierarchical Resource Profile for XML resources proposes that the DataType of the resource-id be "xpath-expression", identifying the specific node of the resource that is being requested. In this case, the optional "document-id" resource Attribute can be used to hold the URI of the entire XML document. I think Daniel also objected to forcing resource-id to be a URI. Or maybe it was just a URI conforming to my proposed hierarchical URI scheme :-) So is there a reason resource-id must be a URI? > This identifier indicates the name-space of the top element of the resource. > In the case where the resource content is supplied in the request context > and the resource namespace is defined in the resource, the PDP SHALL confirm > that the namespace defined by this attribute is the same as that defined in > the resource. The type of the corresponding attribute SHALL be > "http://www.w3.org/2001/XMLSchema#anyURI". > urn:oasis:names:tc:xacml:2.0:resource:target-namespace > This identifier indicates an xpath expression whose context node is the > <xacml-context:Request> element. This attribute SHALL only appear in the > <ResourceAttributeDesignator> element. The type of the corresponding > attribute SHALL be > "urn:oasis:names:tc:xacml:2.0:data-type:xpath-expression". > urn:oasis:names:tc:xacml:2.0:resource:xpath I proposed that we drop the "xpath" Attribute, since there is no need for it with the Hierarchical Resource Profile. "resource-id" in that case will contain the xpath expression pointing to the requested node. Note that the reason for putting the xpath-expression pointing to the requested node into the "resource-id" Attribute is so that the Response <Result> ResourceId XML attribute can copy the resource-id Attribute and have it be an unambiguous reference to the node to which the <Result> corresponds. Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]