OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Resource attributes

I find the resource:target-namespace attribute a bit confusing: it  
seems like something that could be derived from the request context,  
when not specified explicitly.  In other words, it could be a  
synthetic attribute, like the current date and time.  However, given  
that it is not such a synthetic attribute, I don't understand why it  
is not specified in the example request context (well, perhaps the  
example is not expected to pass?)

In addition, I think there is a slight contradiction in the 2.0  
spec.  Lines 5041-5045 indicate that the XACML PDP must verify that  
this attribute is accurate.  However, lines 3892-3895 and 3897-3899  
suggest that all attributes, other than the current time and date,  
are transparent to the PDP (which I take to mean that they have no  
special semantics).  I couldn't find any other text on the topic, but  
it seems a canonical listing of non-transparent attributes would be  
helpful!  In general, in Appendix B, it is unclear whose  
responsibility it is to manage the proper use of attributes (i.e., to  
whom does the "SHALL" apply?  The PEP, PDP, PIP?  Perhaps the Context  
handler?  All of the above?)


Niko Matsakis

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]