[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Issue 40: <ResourceContent> element
Hi Erik, Erik Rissanen wrote: > Instead I > suggest that we place the <Content> element inside the <Attributes> element: > > <Request> > ... > <Attributes Category=”...:resource> > ... > <Content>...</Content> > </Resource> > <Attributes Category=”...:resource> > ... > <Content>...</Content> > </Resource> > ... > </Request> > > In this case it is simpler to provide backwards compatibility. I agree. > > BTW, talking about backwards compatibility of attribute selectors, > translating 2.0 policies into 3.0 means rewriting the xpath expressions > in attribute selectors since the <Resource> element is now called > <Attributes>. Are there any concerns about this? For simple expressions > it is obvious how to do it, but what about in general? I think it is OK. Any complexity in the expressions would be below the level of /Resource <=> /Attributes > > Another minor issue is that the schema which Daniel wrote earlier does > not allow anyAttribute on the Content element, which the old one did. > This could be a problem with backwards compatibility, so I suggest we > allow that. Agreed. > > Finally, I think the examples in the 2.0 spec are wrong. On page 31, > line a217 the xpath expression looks like “//xacml-context:Resource/….” > while it on page 34, line a290 looks like “//md:record/…”. As far as I > can tell, the latter is wrong. Right? Yes. The spec's normative text in Section 5.4 Element <AttributeSelector> explicitly says "whose context node is the <xacml-context:Request> element." Thanks for your continued attention to these details! Regards, Anne > > > Best regards, > Erik > > > -- Anne H. Anderson Anne.Anderson@sun.com Sun Microsystems Labs 1-781-442-0928 Burlington, MA USA
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]