OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: The X500 match function

All,

The proposed text below for the x500 match function from the last 
meeting minutes reverses the behaviour of the two arguments compared to 
the current specification. And I am not sure I like the term "root of 
the subtree". A root is typically a single node, not a sequence of 
nodes, as in this case.

BTW, I have doubts about making any change to this definition. I think 
the current definition is quite clear, and if we change it, somebody may 
think that we have changed the behaviour. But if we think it needs 
clarification, then I propose this instead:

   "urn:oasis:names:tc:xacml:1.0:function:x500Name-match
    This function shall take two arguments of
    'urn:oasis:names:tc:xacml:2.0:data-type:x500Name'
    and shall return an 'http://www.w3.org/2001/XMLSchema#boolean'. It
    SHALL return “True” if and only if the subtree specified by the
    first argument matches, beginning at the root, the subtree specified 
by the
    second argument, when compared using x500Name-equal and the length
    of the second subtree is larger than or equal to the length of the
    first subtree."

BTW, there is something wrong going on here. The function name is 
"...:xacml:1.0:...", but the data type of its arguments is 
"...:xacml:2.0:...". It's like that in the 2.0 spec as well. Does anyone 
know what's going on here?

Best regards,
Erik

Bill Parducci wrote:
>
> 3. Issues
>    x.500
>    Bill offered that David Chadwick's proposed text is a more precise
>    statement of the intended functionality and suggests that we adopt it
>    as a clarifying edit.
>
>    "urn:oasis:names:tc:xacml:1.0:function:x500Name-match
>     This function shall take two arguments of
>     'urn:oasis:names:tc:xacml:2.0:data-type:x500Name'
>     and shall return an 'http://www.w3.org/2001/XMLSchema#boolean'. It
>     SHALL return “True” if and only if the subtree specified by the
>     first argument matches the root of the subtree specified by the
>     second argument, when compared using x500Name-equal and the length
>     of the first subtree is larger than or equal to the length of the
>     second subtree."

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]