[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-dev] Obligations
Hi Jason. > An <Obligation> element can reference a node in the request context > using an > appropriate XPath expression in the RequestContextPath attribute of an > <AttributeSelector> element. Is it possible to reference elements in > other > XML documents? It might be useful if one wanted to write information > about > certain access requests to a separate log file, for example. The short answer is yes, but perhaps not for the reason you expected :) True, an Obligation may contain an AttributeAssignment that specifies an AttributeSelector pointing into the Request Context. According to the spec, however, this is not something that the PDP is allowed to evaluate. So, it's up to the PEP (or some other component in your system) to do this evaluation. So, can you have an AttriubteAssignment that references other kinds of documents? Sure, 'cause it's your application that will be handling the Obligation. You're free to come up with your own conventions for these assignments, and that may lead to referencing a separate log file, a database, or anything else. For that matter, you can even define a new datatype and use that if it helps with your external reference. Does that help? seth
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]