OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [xacml-comment] A002

[For those not running the Conformance Tests, test A002 requires the
system to retrieve an attribute value that is not supplied in the
original XACML Request from the PEP.  The instructions for the test are
deliberately places no requirements on which attribute it is, where it
is retrieved from, how it is retrieved, etc.]

The intent of test A002 is to exercise one of the primary advantages of
XACML: the ability to have the PDP side of the system obtain attributes
that are not necessarily supplied by the PEP.  Section 7.9.2 covers this,
although we were so careful not to specify a particular implementation
that perhaps we were not specific enough.

It is the "context handler" that is responsible for supplying attribute
values, and it is the existence of a context handler that is independent
of any physical XML Request document that is being tested in A002.  If
we do not have a test of this kind, implementors can limit their
capabilities to parsing an XML Request document using standard XML tools
and retrieving attributes from that.  We have specifically stated that
the Context is NOT to be considered as a physical XML document (although
it is certainly based on some sort of document received from the PDP),
and that attribute values are obtained from the context handler.

I am posting this to the XACML list for discussion.  Do we want to require
the functionality required by Conformance Test A001?

Anne Anderson

"John Merrells" <merrells@jiffysoftware.com> wrote:
>Date: Tue, 26 Nov 2002 19:58:52 -0800
>Which part of the specification is this test testing? I read 7.9.2, but it
>says that if the PDP can't find an attribute in the context then it's to
>return Indeterminate. Also, in Figure 1 the PDP is shown reading
>policies from a PAP and returning responces to the context handler,
>but not retrieving attributes from anywhere.
>To subscribe or unsubscribe from this elist use the subscription
>manager: <http://lists.oasis-open.org/ob/adm.pl>

Anne Anderson          Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
Burlington, MA         781-442-0928

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC