[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-comment] xacml-3.0-profile-webservices-spec-v1-wd-10 <-- Other bugs & script
Roland,
Good catch: this kind of things can lead to policy implementations that do not work when interpreted by PDPs.
TC,
please also look at the resource-id that I reported before and target-namespace (see below)
---- resource-id ----------
1.Page 70:
“urn:oasis:names:tc:xacml:2.0:resource:resource-id”
Everywhere else the URI for resource-id is:
urn:oasis:names:tc:xacml:1.0:resource:resource-id
---- target-namespace ---------
Pages 31,34, 41, 129:
urn:oasis:names:tc:xacml:2.0:resource:target-namespace
Pages 37,40,42
urn:oasis:names:tc:xacml:1.0:resource:target-namespace
Here is a script that can help catching the bugs like that. It has a little bit of noise that is tolerable, I think. You'll need to convert PDF to tst before using it.
Syntax: d_count.pl <xacml-text-file>
my %h;
my $start = 'urn:oasis:names:tc:xacml';
my $one = 'urn:oasis:names:tc:xacml:1';
my $two = 'urn:oasis:names:tc:xacml:2';
while (<>) {
my @a = split/[\s\r\n\t]+/;
foreach(@a) {
my $w = $_;
$w =~ s/'//g;
$w =~ s/"//g;
$h{$w} = 1 if ($w =~ /^$start/ && !$h{$w} );
$h{$w} = 2 if ($w =~ /^$start/ && $h{twik_ver($w)});
}
}
foreach (sort(keys(%h))) {
print $_."\n" if $h{$_} == 2;
}
sub twik_ver {
my $s = shift;
my $d = $1 if ($s =~ /^$start:(\d)/);
$d = ($d==1)?2:1;
$s =~ s/^$start:\d/$start:$d/;
return $s;
}
--- On Wed, 8/6/08, Roland Illig <roland.illig@gmx.de> wrote:
> From: Roland Illig <roland.illig@gmx.de>
> Subject: Re: [xacml-comment] xacml-3.0-profile-webservices-spec-v1-wd-10
> To: xacml-comment@lists.oasis-open.org
> Date: Wednesday, August 6, 2008, 5:05 AM
> Roland Illig schrieb:
> > Hi,
> >
> > the document
> xacml-3.0-profile-webservices-spec-v1-wd-10 mentions the
> > urn:oasis:names:tc:xacml:1.0:function:time-in-range
> function, which does
> > not exist. It has only been introduced in XACML 2.0.
>
> Oh well, worse than that. XACML 2.0 defines both of these
> functions:
>
> urn:oasis:names:tc:xacml:1.0:function:time-in-range (page
> 114)
> urn:oasis:names:tc:xacml:2.0:function:time-in-range (page
> 99)
>
> and in XACML 3.0 wd 06, it is still wrong.
>
> Roland
>
> --
> This publicly archived list offers a means to provide input
> to the
> OASIS eXtensible Access Control Markup Language (XACML) TC.
>
> In order to verify user consent to the Feedback License
> terms and
> to minimize spam in the list archive, subscription is
> required
> before posting.
>
> Subscribe: xacml-comment-subscribe@lists.oasis-open.org
> Unsubscribe: xacml-comment-unsubscribe@lists.oasis-open.org
> List help: xacml-comment-help@lists.oasis-open.org
> List archive:
> http://lists.oasis-open.org/archives/xacml-comment/
> Feedback License:
> http://www.oasis-open.org/who/ipr/feedback_license.pdf
> List Guidelines:
> http://www.oasis-open.org/maillists/guidelines.php
> Committee:
> http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]