xacml-users message



Subject: Re: [xacml-users] Reg. <ResourceContent>


Thanks for the response Daniel.

But I am even more confused b/w your usage of context and content:-(

My understanding is there is a single XACML context - no ambiguities here.

I was trying to understand <ResourceContent>.

Even the schema seems highly tilted towards this being an xml
representation of a resource you can dump rather than have to fit into
attributes.

	<xs:complexType name="ResourceType">
		<xs:sequence>
			<xs:element ref="xacml-context:ResourceContent" minOccurs="0"/>
			<xs:element ref="xacml-context:Attribute" minOccurs="0" maxOccurs="unbounded"/>
		</xs:sequence>
	</xs:complexType>

It is interesting to see that I can have multiple <ResourceContent>
elements within <Resource> according to the schema - whereas section
6.1 states:

"<Resource> [One to Many]

Specifies information about the resource or resources for which access
is being requested by listing a sequence of <Attribute> elements
associated with the resource.  It MAY include a <ResourceContent>
element."

Seems to indicate there can only be a single <ResourceContent> element.

Best,
prakash

On Wed, 30 Mar 2005 18:39:57 -0800, Daniel Engovatov <dengovatov@bea.com> wrote:
> There is no such assumption.  The idea is that when resource is an XML
> document, it can contain (maybe partially) the context.  Context is
> notional. Even if it is a representation of a resource, it may include
> any attributes.
> 
> Personally, I think AttributeDesignators should not have a kind either,
> as they have no other meaning other than to group attributes in the
> context to some traditional categories.  Maybe I should suggest for 3.0
> to reconsider that and make attribute kind an extensible identifier for
> association with arbitrary data sources.
> 
> D;
> 
> 
> -----Original Message-----
> From: Prakash Yamuna [mailto:techpy@gmail.com]
> Sent: Wednesday, March 30, 2005 6:33 PM
> To: Daniel Engovatov
> Cc: xacml-users@lists.oasis-open.org
> Subject: Re: [xacml-users] Reg. <ResourceContent>
> 
> Hmm - interesting...
> 
> Section 6.4 states:
> 
> "The <ResourceContent> element is a notional placeholder for the
> content of the resource.  If an XACML policy references the contents
> of the resource by means of an <AttributeSelector> element, then the
> <ResourceContent> element MUST be included in the RequestContextPath
> string."
> 
> The key phrase that struck me was - "notional placeholder for the
> content of the resource" - hence my assumption that <ResourceContent>
> can be used only for xml content representation of resources.
> 
> prakash
> 
> On Wed, 30 Mar 2005 18:16:22 -0800, Daniel Engovatov
> <dengovatov@bea.com> wrote:
> > It is explained partially in section 2.5, line 460 : you can have
> > subject attribute as part of this context.
> > One can include all that information within a single XML document if
> > so needed.  No need for separate contents.
> >
> > Division of attributes into several kinds is purely for convenience.
> > They do not have any fundamental differences.
> >
> > There is really only one context, that contains all kinds of
> > attributes.
> > See section 3.2.
> >
> > Daniel;
> >
> > -----Original Message-----
> > From: Prakash Yamuna [mailto:techpy@gmail.com]
> > Sent: Wednesday, March 30, 2005 5:48 PM
> > To: xacml-users@lists.oasis-open.org
> > Subject: [xacml-users] Reg. <ResourceContent>
> >
> > I was wondering if anyone could provide insight on why the XACML spec
> > supports <ResourceContent> but not <SubjectContent>, <ActionContent>,
> > etc...
> >
> > thanks,
> > prakash
> >
> >
> 
>
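
The following is an added example, not part of the original message or of the XACML specification. It reads the occurrence bounds out of the `ResourceType` fragment quoted above, applying the XML Schema default of 1 for an omitted `minOccurs` or `maxOccurs`, and checks constructed `<Resource>` instances against that sequence. The namespace URI for `xacml-context` is a placeholder and the sample instances are constructed.

```python
import xml.etree.ElementTree as ET

XS = "{http://www.w3.org/2001/XMLSchema}"

# The ResourceType fragment quoted in the message. The xmlns declarations are
# added so it parses stand-alone; the xacml-context URI is a placeholder.
FRAGMENT = """
<xs:complexType name="ResourceType"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xacml-context="urn:example:placeholder">
  <xs:sequence>
    <xs:element ref="xacml-context:ResourceContent" minOccurs="0"/>
    <xs:element ref="xacml-context:Attribute" minOccurs="0" maxOccurs="unbounded"/>
  </xs:sequence>
</xs:complexType>
"""

def occurrence_bounds(fragment):
    """Return [(local_name, min, max)] per particle; max None means unbounded."""
    bounds = []
    for el in ET.fromstring(fragment).iter(XS + "element"):
        name = el.get("ref").split(":")[-1]
        lo = int(el.get("minOccurs", "1"))   # XSD default when omitted is 1
        hi = el.get("maxOccurs", "1")        # XSD default when omitted is 1
        bounds.append((name, lo, None if hi == "unbounded" else int(hi)))
    return bounds

def conforms(resource_xml, bounds):
    """Check the children of a <Resource> element against the xs:sequence."""
    children = [c.tag.split("}")[-1] for c in ET.fromstring(resource_xml)]
    pos = 0
    for name, lo, hi in bounds:
        count = 0
        while pos < len(children) and children[pos] == name and (hi is None or count < hi):
            pos += 1
            count += 1
        if count < lo:
            return False
    return pos == len(children)  # leftover children violate the sequence

# Constructed sample instances (namespaces omitted; only local names are compared)
ONE = "<Resource><ResourceContent><doc/></ResourceContent><Attribute/></Resource>"
TWO = "<Resource><ResourceContent/><ResourceContent/><Attribute/></Resource>"
NO_CONTENT = "<Resource><Attribute/><Attribute/></Resource>"
WRONG_ORDER = "<Resource><Attribute/><ResourceContent/></Resource>"
BOUNDS = occurrence_bounds(FRAGMENT)
```
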

