OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] The <ResourceContent> element again

Erik,

I did not understand why "It is a functional requirement that the 
<AttributeSelector> searches the request for the id elements."  I can 
understand that the XPath expression in the AttributeSelector may 
reference the id element, but that is not a functional requirement for 
AttributeSelector, just the meaning of the XPath expression.

Regards,
Anne

Erik Rissanen wrote On 02/20/07 02:41,:
> All,
> 
> I moved the element formerly known as <ResourceContent> inside the
> <Attributes> element and added anyAttributes to it, to make it backwards
> compatible, as discussed during the meeting.
> 
> There is one small issue still which I encountered. According to
> Daniel's proposal, the <Content> element contains an XML attribute
> called "id" which is required. An attribute selector may use this
> attribute to refer to the <Content> element. There was no such id
> attribute in 2.0, so I made it optional, or otherwise, when translating
> 2.0 policies, we would have to generate dummy ids which won't be used,
> which is a bit ugly in my opinion.
> 
> Another thing I was thinking about: Should we allow multiple <Content>
> elements in a single category? In 2.0 only one <ResourceContent> element
> was allowed. If we allow only one <Content> element, now that the
> <Content> element is inside the <Attributes> element, it is identified
> by the category of the <Attributes> element, so the id attribute is not
> really needed. (Thought it is still useful in the attribute selector, to
> select a document from an implementation specific source, as proposed by
> Daniel.) Actually, it is strictly not needed in any case, since it is
> possible to match on any XML attribute in an XPath expression.
> 
> For now I am writing it so only one <Content> element per <Attributes>
> element is allowed and the id attribute is optional. It is a functional
> requirement that the <AttributeSelector> searches the request for the id
> elements.
> 
> Let me know if you disagree.
> 
> Regards,
> Erik
> 
> 

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]