[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Complication with the xpath context node change
All, We decided to change the context node of xpaths so the context node is the <Content> element instead of the <Request> element. This means that at the various places where an xpath appears, the category of the <Content> element must be indicated. There is no problem in adding a Category XML attribute to the <AttributeSelector>, but there is a problem with the xpath-match functions. Adding the category as an argument of the functions make the functions take three arguments, so they can no longer be used in a Match in a target. This is a loss of functionality compared to 2.0 and I don't think we should do that. What I propose is that we change the new xpath datatype in 3.0 to include the category. Something like this: <AttributeValue DataType="urn:oasis:...:xpathExpression"> <XPath Category="urn:oasis:...:resource">some/xpath/here</XPath> </AttributeValue> It would also be possible to put the Category attribute directly in the AttributeValue element since it allows any attributes. Like this: <AttributeValue DataType="urn:oasis:...:xpathExpression" Category="urn:oasis:...:resource"> some/xpath/here </AttributeValue> I am not sure which one I prefer. I cannot think of any use of xpaths in XACML which does not apply to the request, so coupling the category and the path like this seems ok to me. If there would be some other use which is not bound to a category, the category can simply be ignored. Regards, Erik
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]