RE: [xacml-users] AttributeSelector usage

["Daniel Engovatov" <dengovatov@bea.com>]

You are perfectly able to process it in any way you like.   Standard
does not restrict what you put into a context.

We could not generalize the AttributeSelector, because it job is to
select atomic values, not complex data structures.  It would not be
possible to define strict typing for arguments otherwise.  You can
access anything using an AttributeDesignator, from a context populated
with your custom datatypes,  or a function that returns your custom
datatype and takes path to it as its argument, if you need to make
selection as part of the policy.  Such function would be responsible for
the type safety then.

There is nothing wrong or counter intuitive with the standard I think
and I does not prevent your use case at all.

Daniel;


-----Original Message-----
From: Prakash Yamuna [mailto:techpy@gmail.com] 
Sent: Wednesday, March 09, 2005 12:10 PM
To: Daniel Engovatov
Cc: xacml-users@lists.oasis-open.org
Subject: Re: [xacml-users] AttributeSelector usage

I have my own functions and datatypes - hence I find it counter
intutive. I do agree that a standard mechanism (functions, etc) cannot
fathom an arbitrary structure in an attributevalue - but I would have
thought that if I define my own functions and own datatypes then I
should be able to process it - even with a standard implementation.


prakash

On Wed, 9 Mar 2005 09:50:57 -0800, Daniel Engovatov <dengovatov@bea.com>
wrote:
> 
> >This seems counter intutive to me in that the schema is open enough
to
> >allow embedding my own structure into the AttributeValue but I cannot
> >leverage it in a meaningful manner in the AttributeSelector.
> 
> Why counter intuitive?   You can only use context data as an argument
> for a function used within the condition.   XACML standard functions
do
> not use any custom data types that you may import from your schema or
> from other applications, so you can not use them in a standard XACML
> expression.
> 
> Daniel;
> 
>