OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] resource:xpath and XPathCategory

Erik Rissanen wrote:
>> Item #2. urn:oasis:names:tc:xacml:1.0:resource:xpath
>>
>> This appears in the examples, but not in the conformance table (10.2.6).
>> The brief explanation on line 5120 does not specify any datatype, nor
>> does it clarify how resource:xpath differs from resource:resource-id
>> when used for XML resources.  It does not explain the difference
>> between:
>>
>>     (a)
>> Attribute[@AttributeId='resource-id'][@DataType='xpathExpression']
>>     (b) Attribute[@AttributeId='xpath']
>>
>> The example in 4.2.2 includes both these <Attribute>s (although the
>> xpath has DataType=string).  But the policy only tests the
>> resource:xpath attribute.  It could just as well test the resource-id
>> attribute.
>>
>> The core spec should provide better definition of the semantics and
>> processing expectations for resource:xpath.  Not knowing the history of
>> this feature, I can't make any specific suggestions at this time.
>>
>> The hierarchical and multiple profiles do not mention resource:xpath.
>> They use resource:resource-id exclusively. I think using resource:xpath
>> in those profiles might help clarify some of the issues we are
>> discussing around identifying and testing multiple XML nodes.    
>
> I don't know what this is for. I can investigate, but the TC call is 
> in a few minutes, so I have to do it later. I suspect that it is 
> remnant from 1.0, which was superseded in 2.0 with something new, and 
> it carried over to 2.0 by mistake.

I have searched the email archives. It was originally used to carry an 
xpath expression pointing to the resource in XML content. (You can find 
some examples of this in the really old emails from the 1.x age.) Within 
the 2.0 process there was a proposal in this email from Anne to drop the 
attribute:

http://lists.oasis-open.org/archives/xacml/200407/msg00103.html

In 2.0 the resource-id attribute is used instead to carry to xpath 
expression, as we all should have in fresh memory from all the 
discussion concerning the multiple profile. :-)

There was a response from Tim that he would remove it:

http://lists.oasis-open.org/archives/xacml/200407/msg00104.html

I suppose something got mixed up and the change was not implemented. (Or 
maybe the TC changed their mind, but I suspect not since all the 2.0 
profiles use the resource-id, not resource:xpath)

I propose that we remove this identifier from the 3.0 spec.

Best regards,
Erik

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]