[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Attribute categories.
All,
I just noticed that, if I understand this correctly, it not possible to
write a disjunction in the target with the new attribute categories
schema. In XACML 2.0 you can write:
<Target>
<Subjects>
<Subject>
<SubjectMatch MatchId="...equals">
<SubjectAttributeDesignator>
...A...
</SubjectMatch>
</Subject>
<Subject>
<SubjectMatch MatchId="...equals">
<SubjectAttributeDesignator>
...B...
</SubjectMatch>
</Subject>
</Subjects>
</Target>
and a request with either subject A or B would match.
In the new attribute categories schema the Match appears directly below
Target:
<Target>
<Match MatchId="...equals">
<AttributeDesignator Category="Subject">
...A...
</Match>
</Target>
so it is no longer possible to write a disjunction. Did I understand it
correctly?
Regards,
Erik
Daniel Engovatov wrote:
> Attached is a version of the request and policy schemas implementing
> extensible attribute categories proposal, as we discussed it.
> I also attached some rendering of the changed schema type.
> Could this be uploaded somewhere, so that I can link it from wiki and
> write descriptions for all the changes?
>
> Daniel;
>
>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]