[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-dev] RE: [sunxacml-discuss] RE: Use of Xquery with XACML
Ok i agreed what u r saying can u plz have a look on the following rule case : suppose i have a rule " A Physician is allowed to check the record of Patient X , if an only if he is the Primary care physician of patient X now Xpath would b /Physician/PhyID = PhysicianID // I also wanted to check whether he is a valid physician or not. AND /Physician/patients/patID = patientID of patient X // for the checking whether Physician is the primary care physician of the Patient X or not. This kind of Xpath is not correct as the 2nd condition can be true for any Physician who is taking care of the Patient X in addition to Primary care Physician can we introduce some context information like this Note: where subjectID is the ID of the caller. "/Hosptial/Physician[phyID='subjectID']/patients/patID/text()" Regards Muhammad. ----- Original Message ----- From: "diego gonzalez" <diegog@lagash.com> To: <xacml-dev@lists.oasis-open.org> Cc: <sunxacml-discuss@lists.sourceforge.net> Sent: Thursday, December 09, 2004 5:01 PM Subject: RE: [xacml-dev] RE: [sunxacml-discuss] RE: Use of Xquery with XACML Totally agree with this. In fact when Xpath is used within the Rules or Conditions it's implemented as a function. I think there is some overlaping between RequestContext and the xpath related function, because both supports searching elements using Xpath, but I don't see this very confusing. In fact it also allows more information by the time of processing the policy and also is easy to create context bound xpath. Regards, DiegoG -----Original Message----- From: Daniel Engovatov [mailto:dengovatov@bea.com] Sent: Wednesday, December 08, 2004 5:48 PM To: Muhammad Masoom Alam; xacml-dev@lists.oasis-open.org Cc: Seth Proctor; sunxacml-discuss@lists.sourceforge.net Subject: [xacml-dev] RE: [sunxacml-discuss] RE: Use of Xquery with XACML If you want to extend XACML functions to use XQuery, you will have to do it yourself. There is no direct mapping, as XQuery/XPath data model is not directly compatible with XACML data model. This is done on purpose as XACML Data model is designed to accommodate a broader ranger of data sources then XML. If you write a custom function that does XQuery or XLST transformation to return XACML attribute value to be used in a rule, you can pass the actual query code as a string literal attribute. You will also need to address how do you provide prolog data and XQuery context, but this is completely outside of XACML implementation. Daniel; -----Original Message----- From: Muhammad Masoom Alam [mailto:Muhammad.alam@uibk.ac.at] Sent: Wednesday, December 08, 2004 11:14 AM To: Daniel Engovatov; xacml-dev@lists.oasis-open.org Cc: Seth Proctor; sunxacml-discuss@lists.sourceforge.net Subject: Re: [sunxacml-discuss] RE: Use of Xquery with XACML Dear , and if the authorization system(PDP) itself wants to use Xquery to make a decision for a resource (XML data / or any resource) , where this Xquery is going to be stored, how Authorization System is going to reference this Xquery as currently there is no support for Xquery and very limited support for Xpath as well. Regards Muhammad.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]