[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] resource:xpath and XPathCategory
>> The core spec should provide better definition of the semantics and >> processing expectations for resource:xpath. I agree. I asked about this on the mailing list about a month ago and got no response. Regards, Craig --- craig forster | staff software engineer | ibm australia development labs http://blogs.tap.ibm.com/weblogs/craigforster/ From: "Tyson, Paul H" <PTyson@bellhelicopter.textron.com> To: <xacml@lists.oasis-open.org> Date: 20/10/2009 06:11 AM Subject: [xacml] resource:xpath and XPathCategory While working out what the spec says about requests for decisions on XML resources, I found some features that appear to be underspecified. Line numbers refer to cd-1 PDF core spec. Item #1. XPathCategory xml attribute This appears in the examples in the core spec, and is mentioned on line 3890. However, it does not appear in the element description for <AttributeValue>, nor in the xsd. Not knowing the history of this feature, I wonder what its purpose is. It seems the only valid values (in a request context) are identical to the ancestor::Attributes/@Category attribute where it appears. If it is used in a Policy, what would be the difference between @Category and @XPathCategory? The revision history for wd-06 says Xpath categories were introduced to point to a specific <Content> element, but I don't see how a "category" value will meet this need. Can someone who is familiar with the history of this feature comment on it? Item #2. urn:oasis:names:tc:xacml:1.0:resource:xpath This appears in the examples, but not in the conformance table (10.2.6). The brief explanation on line 5120 does not specify any datatype, nor does it clarify how resource:xpath differs from resource:resource-id when used for XML resources. It does not explain the difference between: (a) Attribute[@AttributeId='resource-id'][@DataType='xpathExpression'] (b) Attribute[@AttributeId='xpath'] The example in 4.2.2 includes both these <Attribute>s (although the xpath has DataType=string). But the policy only tests the resource:xpath attribute. It could just as well test the resource-id attribute. The core spec should provide better definition of the semantics and processing expectations for resource:xpath. Not knowing the history of this feature, I can't make any specific suggestions at this time. The hierarchical and multiple profiles do not mention resource:xpath. They use resource:resource-id exclusively. I think using resource:xpath in those profiles might help clarify some of the issues we are discussing around identifying and testing multiple XML nodes. Regards, --Paul --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]