[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Public Comment
Comment from: rgrzywinski@yahoo.com I'd like to add use cases to the XACML 2.0 work item #9 (Policies referring to hierarchical resources). The current work item refers to three cases: o all descendents of a particular node in a hierarchy o all immediate children of a particular node in a hierarchy o a particular node in a hierarchy These three cases only cover a small subset of the policy used in the current web access control products. For example, refer to section 7.2 (Enhanced URI Wildcarding) of: http://www.rsasecurity.com/products/cleartrust/whitepapers/CTOVNF_WP_0903.pdf for use cases. I feel that a stronger and more flexible solution is needed for this problem. Perhaps a limited set of regex functions following XPath 2.0 pattern matching: http://www.w3.org/TR/xquery-operators/#string.match which is already exposed as "regexp-string-match" but only for strings (and not as XPath expressions). I do recognize the dangers in adding dependencies to as-of-yet-finalized specifications. As long as the use cases are recognized, they could be added as a post XACML 2.0 addition contingent on the finalization of XPath 2.0. -- Rob Grzywinski
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]