[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: MultipleCondition
All, I promised during the call to send the old MultipleCondition element specification to the list so it could serve as inspiration for supporting multiple subjects with identical categories. Here it is as it was in the delegation draft before I removed it: <MultipleCondition> element The <MultipleCondition> element SHALL condition all <xacml-context:Attributes> elements of a given category by matching attribute values in all of the <xacml-context:Attributes> elements with an embedded attribute value. The <MultipleCondition> MAY be passed to the <Apply> element as an argument or appear in the <Condition> element. <xs:element name="MultipleCondition" type="xacml:MultipleConditionType" substitutionGroup="xacml:Expression"/> <xs:complexType name="MultipleConditionType"> <xs:complexContent> <xs:extension base="xacml:ExpressionType"> <xs:sequence> <xs:element ref="xacml:AttributeValue"/> </xs:sequence> <xs:attribute name="FunctionId" type="xs:anyURI" use="required"/> <xs:attribute name="Category" type="xs:anyURI" use="required"/> <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/> <xs:attribute name="DataType" type="xs:anyURI" use="required"/> <xs:attribute name="Issuer" type="xs:string" use="optional"/> </xs:extension> </xs:complexContent> </xs:complexType> The <MultipleCondition> element is of MultipleConditionType complex type. The <MultipleCondition> element contains the following attributes and elements: FunctionId [Required] Specifies a matching function. The value of this attribute MUST be of type xs:anyURI, with legal values as defined in Section 7.5 of the XACML core specification. Category [Required] This attribute SHALL specify the attribute category of the <xacml-context:Attributes> elements with which to match the embedded attribute value. AttributeId [Required] This attribute SHALL specify the AttributeId of the attributes with which to match the embedded attribute value. DataType [Required] The embedded attribute value SHALL be matched against attributes of this type. Issuer [Optional] This attribute, if supplied, SHALL specify the Issuer of attributes with which to match the embedded attribute value. <AttributeValue> [Required] Embedded attribute value. ---8<--- <MultipleCondition> element evaluation This element represents a boolean conjunctive condition on all <Attributes> elements with a given Category. If there are no <Attributes> elements with Category equal to the Category of the <MultipleCondition> element in the request context, the <MultipleCondition> expression evaluates to “True”. For each <Attributes> element with an equal Category, the AttributeId, DataType and Issuer attributes are used to retrieve a bag of attributes from the <Attributes> element. An attribute from the <Attributes> element is included in the bag iff the AttributeId of the <MultipleCondition> is uri-equal with the AttributeId of the <Attribute> element from the <Attributes> element, the DataType of the <MultipleCondition> is uri-equal with the DataType of the <Attribute> from the <Attributes> element, and, if the Issuer is present in the <MultipleCondition>, the Issuer of the <MultipleCondition> is uri-equal to the Issuer of the <Attribute> from the <Attributes> element. If any of the retrieved attribute bags is empty, the <MultipleCondition> expression evaluates to “False”. For each retrieved attribute bag, the function indicated by the FunctionId of the <MultipleCondition> is applied to the embedded attribute and each attribute of the bag in turn. If there is at least one bag with no attribute which evaluates the function to “True”, the <MultipleCondition> evaluates to “False”. If all bags contain at least one attribute which evaluates the function to “True”, the <MultipleCondition> evaluates to “True”. Regards, Erik
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]