Re: [xacml] x500

[Erik Rissanen <erik@axiomatics.com>]

Hello again,

When I read it again, it seems veryclear to me. It says that it shall 
return true if the first argument matches with the x500-equal function. 
It doesn't say "a piece of the first argument matches with x500-equal". 
So it's clear the the whole first argument must match the end of the 
second argument.

Regards,
Erik

Erik Rissanen wrote:
> Hello Florian,
>
> I don't think that is what is meant. It wouldn't be a useful operation 
> since you could get the same effect with
>
> first argument: o=oasis
> second argument: dn=alice,ou=xacml,o=oasis
>
> Also "sequence" means more than one entry, not just the last one.
>
> Best regards,
> Erik
>
>
> Florian Huonder wrote:
>> Hi,
>>
>> I also think that this is the right interpretation of "terminal 
>> sequence".
>> But there are also people who think that "terminal sequence" is meant 
>> as,
>> "final sequence".
>>
>> This would mean:
>> first argument: ou=hello,o=oasis
>> second argument: dn=alice,ou=xacml,o=oasis
>>
>> this would also return true.
>>
>> Regards,
>> Florian
>>
>> -----Original Message-----
>> From: Erik Rissanen [mailto:erik@axiomatics.com] Sent: Donnerstag, 4. 
>> Juni 2009 09:38
>> To: bill parducci
>> Cc: XACML TC
>> Subject: Re: [xacml] x500
>>
>> All,
>>
>> These were defined before my time in the TC, but when I read the 
>> spec, it appears clear to me that "equal" returns true only on exact 
>> equality and "match" returns true if the first argument matches a 
>> terminal sequence of the second argument. In an example:
>>
>> first argument: ou=xacml,o=oasis
>> second argument: dn=alice,ou=xacml,o=oasis
>>
>> in this case
>>
>> x500-equal -> false
>> x500-match -> true
>>
>> Or at least this is my interpretation of "terminal sequence".
>>
>> Best regards,
>> Erik
>>
>>
>> bill parducci wrote:
>>  
>>> does anyone recall why there is an x500Name-match and an 
>>> x500Name-equal function in the spec? they seem to serve the same 
>>> purpose however the latter is more concisely written and it almost 
>>> seems as if it was meant to supersede the -match function.
>>>
>>> thanks
>>>
>>> b
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe from this mail list, you must leave the OASIS TC that
>>> generates this mail.  Follow this link to all your TCs in OASIS at:
>>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>>>     
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this mail list, you must leave the OASIS TC that
>> generates this mail.  Follow this link to all your TCs in OASIS at:
>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>>
>>   
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php