OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: AttributeSelector usage

The spec (2.0) states the following for <AttributeSelector>:

Each node selected by the specified XPath expression MUST be either a
text node, an attribute node, a processing instruction node or a
comment node. The string representation of the value of each node MUST
be converted to an attribute value of the specified data-type, and the
result of the AttributeSelector is the bag of the attribute values
generated from all the selected nodes.

Does that mean I cannot have something like this?

   <Attribute AttributeId="myattrid1" DataType="mydatatype1">
          blah blah

And then in the Policy I do something like:
   <Apply FunctionId="myfunc1">

This seems counter intutive to me in that the schema is open enough to
allow embedding my own structure into the AttributeValue but I cannot
leverage it in a meaningful manner in the AttributeSelector.

Also I am trying to understand how the ability to plug in an arbitraty
structure into <ResourceContent> works given the limitations on the

Also the spec states the following: 

DataType [Required]

The data-type of the contents of the <xacml-context:AttributeValue>
element.  This SHALL be either a primitive type defined by the XACML
2.0 specification or a type (primitive or structured) defined in a
namespace declared in the <xacml-context> element.

So what would be the value of defining my own (complex) datatypes in
such a scenario?

Am I missing something?

Also any inputs on how one can overcome this limitation would be
greatly appreciated.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]