[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Resource attributes
I find the resource:target-namespace attribute a bit confusing: it seems like something that could be derived from the request context, when not specified explicitly. In other words, it could be a synthetic attribute, like the current date and time. However, given that it is not such a synthetic attribute, I don't understand why it is not specified in the example request context (well, perhaps the example is not expected to pass?) In addition, I think there is a slight contradiction in the 2.0 spec. Lines 5041-5045 indicate that the XACML PDP must verify that this attribute is accurate. However, lines 3892-3895 and 3897-3899 suggest that all attributes, other than the current time and date, are transparent to the PDP (which I take to mean that they have no special semantics). I couldn't find any other text on the topic, but it seems a canonical listing of non-transparent attributes would be helpful! In general, in Appendix B, it is unclear whose responsibility it is to manage the proper use of attributes (i.e., to whom does the "SHALL" apply? The PEP, PDP, PIP? Perhaps the Context handler? All of the above?) regards, Niko Matsakis
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]