[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Issue 71, Treating different subject categories as different entities
All, Issue 71 proposes that multiple Attributes elements with the same category should be treated as distinct elements. This is contrary to how it was in 2.0 and how 3.0 is currently. I propose that we do not adopt the proposal and that issue 71 is closed without action. There are two reasons for this: 1) A minor reason is that it clashes with the multiple request syntax. But this would be trivial to fix by introducing some other syntax for the multiple requests. 2) It significantly changes the behavior of the very basics of XACML. The current AttributeDesignator functionality breaks since then it is no longer clear which particular instance of an <Attributes> element an attribute designator refers to. All uses of AttributeDesignators in targets would have to be qualified with either a) which instance it refers to (how do we identify instances), b) that the Match requires "Any" of the elements to match or c) that the Match requires "All" of the elements to match. Similarly the attribute designator could not be used in <Apply> expressions as it is today. Some for of qualification would be needed there as well. This complicates all XACML policies since policy writers now have to consider the cases when an element accurs once or multiple times, even if they would be doing "regular" XACML requests like they always have done. And it breaks compatibility with 2.0 since there is no obvious way to decide how to relate a 2.0 target/condition to the new proposed request model. I don't think these complications are worth it. Best regards, Erik
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]