OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-users] AttributeSelector usage

Thanks for your response Daniel.

Any ideas on how I would do this if the data is in ResourceContent.

I can see the constraints in terms of supporting arbitrary complex
types in a standard way - but if I am feeding it of to my own
functions then I would have thought it wouldn't be an issue.

Maybe there is more to it then I see.


On Wed, 9 Mar 2005 12:50:57 -0800, Daniel Engovatov <dengovatov@bea.com> wrote:
> You are perfectly able to process it in any way you like.   Standard
> does not restrict what you put into a context.
> We could not generalize the AttributeSelector, because it job is to
> select atomic values, not complex data structures.  It would not be
> possible to define strict typing for arguments otherwise.  You can
> access anything using an AttributeDesignator, from a context populated
> with your custom datatypes,  or a function that returns your custom
> datatype and takes path to it as its argument, if you need to make
> selection as part of the policy.  Such function would be responsible for
> the type safety then.
> There is nothing wrong or counter intuitive with the standard I think
> and I does not prevent your use case at all.
> Daniel;
> -----Original Message-----
> From: Prakash Yamuna [mailto:techpy@gmail.com]
> Sent: Wednesday, March 09, 2005 12:10 PM
> To: Daniel Engovatov
> Cc: xacml-users@lists.oasis-open.org
> Subject: Re: [xacml-users] AttributeSelector usage
> I have my own functions and datatypes - hence I find it counter
> intutive. I do agree that a standard mechanism (functions, etc) cannot
> fathom an arbitrary structure in an attributevalue - but I would have
> thought that if I define my own functions and own datatypes then I
> should be able to process it - even with a standard implementation.
> prakash
> On Wed, 9 Mar 2005 09:50:57 -0800, Daniel Engovatov <dengovatov@bea.com>
> wrote:
> >
> > >This seems counter intutive to me in that the schema is open enough
> to
> > >allow embedding my own structure into the AttributeValue but I cannot
> > >leverage it in a meaningful manner in the AttributeSelector.
> >
> > Why counter intuitive?   You can only use context data as an argument
> > for a function used within the condition.   XACML standard functions
> do
> > not use any custom data types that you may import from your schema or
> > from other applications, so you can not use them in a standard XACML
> > expression.
> >
> > Daniel;
> >
> >

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]