OASIS Mailing List Archives

security-services message



Subject: XPath Attribute Profile: XPath as an Identifier


Liberty's EP profile didn't restrict the XPath but stated that at a minimum it must have a "slash separated path to any depth.  The path is always anchored at the document root and may not contain any wild cards or empty nodes."  
 
I think we can use this restriction of xpath as an Identifier, with the addition of positional predicates.  I'll take a look at the xCap spec from IETF, thanks Arnaud Sahuguet for the reference.  It looks like XSquirrel is slightly different than what I was thinking because I really do want the specific nodes in the document (but it's good to know about it).
 
Other thoughts:
- "urn:xpath" as a prefix: Is it safe to just use xpath directly (name="/pp/LegalName/CommonName") or does it need to have some clarifying prefix (name="urn:some_name_clarifying_that_this_is_an_xpath_name:/pp/LegalName/CommonName")?  I suppose the problem is that XPath is a uri and I'm trying to put it into a urn.
 
- If an xpath query results in multiple nodes in the same path, the path can be specified by an xpath identifier (restricted xpath) and the values can be placed in the multivalued <value> elements in SAML attributes.
 
- One thing I had wrong: Liberty queries will return the element tag specified in the XPath, rather than just the values inside that element tag (I suggested the latter in some examples).
 
- If we are uncomfortable having a query for one attribute return multiple attributes, we could also restrict the query attributes to be xpath identifiers.
 
More exploratory examples:
Suppose some document looks like this:
<root>
   <body>
      <thing>thing1</thing>
      <thing>thing2</thing>
   </body>
   <body>
      <thing name="thing3"/>
   </body>
</root>
 
This shows how positional predicates may be needed, as well as multiple attributes and multi-valued attributes.
Query: <AttributeQuery>...<Attribute name="/root/body/thing"/></AttributeQuery>
Result:
<saml:Attribute name="/root/body[1]/thing">
   <value><thing>thing1</thing></value>
   <value><thing>thing2</thing></value>
</saml:Attribute>
<saml:Attribute name="/root/body[2]/thing">
   <value><thing name="thing3"/></value>
</saml:Attribute>
 
Maybe we need text and attribute functions...
Query: <AttributeQuery>...<Attribute name="/root/body[1]/thing[2]/text()" /></AttributeQuery>
Result:
<saml:Attribute name="/root/body[1]/thing[2]/text()">
   <value>thing2</value>
</saml:Attribute>
 
Query: <AttributeQuery>...<Attribute name="/root/body/thing/@name" /></AttributeQuery>
Result:
<saml:Attribute name="/root/body[2]/thing/@name">
   <value>thing3</value>
</saml:Attribute>
 
 
Thanks for the feedback everyone,
- Cameron

Cameron Morris
Novell, Inc., the leading provider of Linux and identity solutions
http://www.novell.com
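
An added sketch, not part of the original message or of any SAML or Liberty specification, of the restricted XPath identifier discussed above: an absolute, slash-separated path with no wildcards or empty steps, plus positional predicates and the text() and @attr endings the examples explore. The names `parse` and `query`, the name grammar, and the rule for when a predicate appears in the returned identifier are assumptions inferred from the three example results.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the example document from the message above.
DOC = ("<root><body><thing>thing1</thing><thing>thing2</thing></body>"
       '<body><thing name="thing3"/></body></root>')
NAME = r"[A-Za-z_][\w.-]*"
STEP = re.compile(rf"({NAME})(?:\[([1-9]\d*)\])?")
# Absolute path of named steps, then an optional text() or @attr selector.
IDENT = re.compile(rf"(?:/{NAME}(?:\[[1-9]\d*\])?)+(?:/text\(\)|/@{NAME})?")

def parse(path):
    """Return (steps, selector); raise ValueError outside the restricted subset."""
    if not IDENT.fullmatch(path):
        raise ValueError(f"not a restricted XPath identifier: {path!r}")
    parts = path[1:].split("/")
    selector = parts.pop() if parts[-1] == "text()" or parts[-1][0] == "@" else None
    steps = [(m[1], int(m[2]) if m[2] else None) for m in map(STEP.fullmatch, parts)]
    return steps, selector

def query(path, doc=DOC):
    """Resolve path; return {concrete identifier: [values]} (multi-valued)."""
    steps, selector = parse(path)
    root = ET.fromstring(doc)
    if root.tag != steps[0][0] or steps[0][1] not in (None, 1):
        return {}
    frontier = [("/" + root.tag, root)]  # (concrete path so far, element)
    for i, (name, pos) in enumerate(steps[1:], 1):
        is_last, nxt = i == len(steps) - 1, []
        for prefix, el in frontier:
            sibs = [c for c in el if c.tag == name]
            for n, child in enumerate(sibs, 1):
                if pos is not None and n != pos:
                    continue
                # Ancestors get [n] if siblings are ambiguous; last step only if queried.
                show = pos is not None or (not is_last and len(sibs) > 1)
                nxt.append((f"{prefix}/{name}" + (f"[{n}]" if show else ""), child))
        frontier = nxt
    result = {}
    for cpath, el in frontier:
        if selector is None:
            key, val = cpath, ET.tostring(el, encoding="unicode").strip()
        elif selector == "text()":
            key, val = cpath + "/text()", el.text
        else:
            key, val = f"{cpath}/{selector}", el.get(selector[1:])
        if val is not None:
            result.setdefault(key, []).append(val)
    return result
```

Because `parse` accepts only the whitelisted grammar, wildcards, `//`, relative paths and non-positional predicates are rejected before any document is touched.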




