[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Info on the Hl7 Permissions
Hi, Also mine, but in the samples there are written something like: <AttributeValue>urn:oasis:names:tc:xspa:1.0:hl7:prd-003</AttributeValue> <AttributeValue>urn:oasis:names:tc:xspa:1.0:hl7:prd-005</AttributeValue> <AttributeValue>urn:oasis:names:tc:xspa:1.0:hl7:prd-006</AttributeValue> <AttributeValue>urn:oasis:names:tc:xspa:1.0:hl7:prd-009</AttributeValue> <AttributeValue>urn:oasis:names:tc:xspa:1.0:hl7:prd-010</AttributeValue> <AttributeValue>urn:oasis:names:tc:xspa:1.0:hl7:prd-012</AttributeValue> <AttributeValue>urn:oasis:names:tc:xspa:1.0:hl7:prd-017</AttributeValue> (see [1], line 135 and following). And this sample is wrong in my opinion. [1]http://www.oasis-open.org/committees/document.php?document_id=30430 On Thu, Oct 14, 2010 at 4:21 PM, Ludwig Seitz <ludwig@axiomatics.com> wrote: > massimiliano.masi@gmail.com wrote: >> >> Hi All, >> >> I have a question regarding the value of the Hl7 Permission defined by the >> XSPA-XACML profile. >> >> <saml2:Attribute >> FriendlyName="Hl7 Permissions" >> Name="urn:oasis:names:tc:xspa:1.0:subject:hl7:permission" >> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> >> <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >> xsi:type="xs:string"> >> urn:oasis:names:tc:xspa:1.0:subject:hl7:PRD-004 >> </saml2:AttributeValue> >> >> In the documents contains sample SAML assertions found in the OASIS >> website, the value of >> this attribute is set as shown in the above fragment, but there are no >> normative information >> on how to encode the Hl7 Permission. >> >> My doubt is the following: prefixing the permission using >> urn:oasis:names:tc:xspa:1.0:subject:hl7 >> doesn't have a semantic of the exact value (the permission). >> >> Wouldn't be better to specify exactly what is this value? e.g. by >> adding urn:oasis:names:tc:xspa:1.0:subject:hl7:permission:PRD-004? >> Or even to avoid to prefix with anything, since the attribute name is >> already specifying the value? >> > > I think you might be misunderstanding the spec. > "urn:oasis:names:tc:xspa:1.0:subject:hl7:permission" is not a prefix, but > the identifier of the attribute (the spec is not very clear on this). The > actual permission value would be the attribute value. > > My best guess is that an XACML example for the HL7 permission "PRD-012" > would look like this: > > <Attribute AttributeId="urn:oasis:names:tc:xspa:1.0:subject:hl7:permission"> > <AttributeValue DataType="string">PRD-012</AttributeValue> > </Attribute> > > Regards, > > Ludwig Seitz > > > -- > Ludwig Seitz, PhD | Axiomatics AB > Training & Development | Electrum 223 > Phone: +46 (0)760 44 22 91 | S-164 40 Kista, Sweden > Mail: ludwig@axiomatics.com | > > -- Massimiliano Masi http://www.mascanc.net/~max
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]