OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-users] Reg. <ResourceContent>


your given example makes sence, since in a distributed workflows, the 
subject (caller) is not already known  n it is not always possible to 
extract the callers data from the database, so it will be really handy if 
caller(subject) attributes can be enclosed in the <subjectContent> element 
instead of their specification through some other means.

agreed ??
----- Original Message ----- 
From: "Prakash Yamuna" <techpy@gmail.com>
To: "Seth Proctor" <Seth.Proctor@sun.com>
Cc: "Daniel Engovatov" <dengovatov@bea.com>; 
Sent: Thursday, March 31, 2005 5:26 AM
Subject: Re: [xacml-users] Reg. <ResourceContent>

> Thanks for the response Seth - defining custom datatypes is what I
> have gone ahead with...
> But I was hoping somebody could throw some light as to why the XACML
> committe felt a need for <ResourceContent> but not
> <SubjectContent>...and hence my email.
> I am not sure I totally understand the distinction b/w using
> <ResourceContent> as a place to store XML data versus actual content
> of the resource.
> To me for example: a Subjec X - xml representation maybe:
> <MySubject uid="X" firstName="prakash" org="somegodforsakenorg" 
> supervisor="Y"/>
> So if Subject Y is deleting Subject X then:
> I could have said:
> <Request...>
> <SubjectContent>
> <MySubject uid="Y" firstName="mymanagerwhowillbeanonymous"
> org="somegodforsakenorg" supervisor="A"/>
> </SubjectContent>
> <ResourceContent>
> <MySubject uid="someuniqueid" firstName="prakash"
> org="somegodforsakenorg" supervisor="Y"/>
> </ResourceContent>
> <Action>
> ...
> </Request>
> Then in my policy all I had to say was if my supervisor of X is the
> subject trying to delete then go ahead and delete.
> I can do all this through custom datatypes and attributes - I
> understand - as I said I was more curious to understand the rationale
> than anything else...
> Thanks,
> prakash
> On Wed, 30 Mar 2005 22:08:45 -0500, Seth Proctor <Seth.Proctor@sun.com> 
> wrote:
>> Yeah, I understand where you're going. Basically, don't think of
>> ResourceContent as a place to store XML data. Think of it as the place
>> where you include the actual content of the resource you're trying to
>> access. The fact that the connonical representation is XML, and that
>> you can query it using XPath, is just a concidence :)
>> seth

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]