OASIS Mailing List Archives

xacml message


Subject: Re: [xacml] Delegation draft 14 uploaded


Daniel Engovatov wrote:

>>I created a section in the document listing the attribute categories
>>that are used by the delegation features. I called the section
>>"Reserved Attribute Categories" and put Delegate, IndirectDelegate,
>>DelegationInfo and Delegated* there. Should we worry about collisions
>>between category names defined by us and users? If so, how do we handle
>>it? A convention similar to the C-language underscore?
>
>I think following the URN naming convention that we have everywhere
>should be sufficient to prevent collisions. I think that if some user
>names his attribute category starting with urn:oasis:names:tc:xacml: -
>they deserve to have a collision issue.

Yes, this makes sense. This means I must stop using categories such as
"Subject" and start using
"urn:oasis:names:tc:xacml:attribute:category:subject". I'll correct that
for the next draft.

>>We were just going to remove subject categories, right? So, in the
>>"access permitted" feature, I removed all references to them.
>
>We are not removing subject categories. They are all the same - just
>mentioned in a different attribute in the designator.
>Daniel;

Yes, that was what I meant with "remove". :-) There is no longer a
special XML attribute for them. Just to make sure we agree, this is what
I think we agreed on:

XACML 2.0:

<Target>
  <Subject SubjectCategory="http://mydns.com/my-subject-category">
    <Attribute
      AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
      DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>Alice</AttributeValue>
    </Attribute>
  </Subject>
</Target>

XACML 3.0:

<Target>
  <Attributes Category="http://mydns.com/my-subject-category">
    <Attribute
      AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
      DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>Alice</AttributeValue>
    </Attribute>
  </Attributes>
</Target>

In other words, we just make the attribute category to be the subject
category and the old "Subject" from XACML 2.0 becomes translated into
the access subject category in XACML 3.0. Correct me if I am mistaken.

Regards, Erik
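
The translation and the reserved-prefix convention discussed in this message, as an added example that is not part of the original message or of any XACML TC code. It follows the simplified, namespace-free element shapes shown above rather than a complete schema; `convert_subjects` and the `my-own-category` URN are constructed for illustration, and the access-subject identifier is the one defined by the XACML specification.

```python
import xml.etree.ElementTree as ET

# Default subject category identifier from the XACML specification.
ACCESS_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
# Prefix the thread treats as reserved for names defined by the TC.
RESERVED_PREFIX = "urn:oasis:names:tc:xacml:"

# Constructed sample in the simplified element shape used in the message.
SAMPLE = """<Target>
  <Subject SubjectCategory="http://mydns.com/my-subject-category">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
               DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>Alice</AttributeValue>
    </Attribute>
  </Subject>
  <Subject>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
               DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>Bob</AttributeValue>
    </Attribute>
  </Subject>
  <Subject SubjectCategory="urn:oasis:names:tc:xacml:my-own-category"/>
</Target>"""


def convert_subjects(xml_text, known=frozenset({ACCESS_SUBJECT})):
    """Return (converted_xml, warnings) for a 2.0-style fragment."""
    # Constructed, trusted input; parse untrusted policies with a hardened parser.
    root = ET.fromstring(xml_text)
    warnings = []
    for elem in root.iter("Subject"):
        # A <Subject> without SubjectCategory is treated as the access subject.
        category = elem.attrib.pop("SubjectCategory", ACCESS_SUBJECT)
        # A reserved-prefix name that is not a known identifier is probably a
        # user-defined category that could collide with a future standard one.
        if category.startswith(RESERVED_PREFIX) and category not in known:
            warnings.append("reserved prefix used by unknown category: " + category)
        elem.tag = "Attributes"
        elem.set("Category", category)
    return ET.tostring(root, encoding="unicode"), warnings


if __name__ == "__main__":
    converted, notes = convert_subjects(SAMPLE)
    print(converted)
    for note in notes:
        print("WARNING:", note)
```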


