[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: CD-1 issue #3: dynamic RequestContextPath
The issue number refers to the XLS-sheet found in this email: http://lists.oasis-open.org/archives/xacml/200909/msg00013.html The commenter proposes that the RequestContextPath of an attribute selector made a child element of the attribute selector, so that the xpath can be dynamically constructed using XACML expressions. Note that making this change is non-trivial because XPath expressions are not simple strings. An xpath also relies on a context for namespace prefix resolution, so simple string functions do not work well for constructing xpath expressions. Adopting this proposal would also mean that we have to design a library of xpath manipulation functions. I also have concerns about how this additional power to XACML would affect how XACML can be analyzed and audited, so I would not like to make this change without thinking it through carefully. I propose that we reject this proposal for XACML 3.0 since I think we should wrap up 3.0 now. We can consider this for the future. Best regards, Erik
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]