
xacml-users message



Subject: Re: [xacml-users] Info on the Hl7 Permissions


Hi,

Also mine, but in the samples there is something written like:

       <AttributeValue>urn:oasis:names:tc:xspa:1.0:hl7:prd-003</AttributeValue>
       <AttributeValue>urn:oasis:names:tc:xspa:1.0:hl7:prd-005</AttributeValue>
       <AttributeValue>urn:oasis:names:tc:xspa:1.0:hl7:prd-006</AttributeValue>
       <AttributeValue>urn:oasis:names:tc:xspa:1.0:hl7:prd-009</AttributeValue>
       <AttributeValue>urn:oasis:names:tc:xspa:1.0:hl7:prd-010</AttributeValue>
       <AttributeValue>urn:oasis:names:tc:xspa:1.0:hl7:prd-012</AttributeValue>
       <AttributeValue>urn:oasis:names:tc:xspa:1.0:hl7:prd-017</AttributeValue>

(see [1], line 135 and following). And this sample is wrong in my opinion.


[1] http://www.oasis-open.org/committees/document.php?document_id=30430

On Thu, Oct 14, 2010 at 4:21 PM, Ludwig Seitz <ludwig@axiomatics.com> wrote:
> massimiliano.masi@gmail.com wrote:
>>
>> Hi All,
>>
>> I have a question regarding the value of the Hl7 Permission defined by the
>> XSPA-XACML profile.
>>
>> <saml2:Attribute
>>   FriendlyName="Hl7 Permissions"
>>   Name="urn:oasis:names:tc:xspa:1.0:subject:hl7:permission"
>>   NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>>  <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
>>    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>    xsi:type="xs:string">
>>      urn:oasis:names:tc:xspa:1.0:subject:hl7:PRD-004
>>  </saml2:AttributeValue>
>>
>> In the documents containing sample SAML assertions found on the OASIS
>> website, the value of this attribute is set as shown in the above
>> fragment, but there is no normative information on how to encode the
>> Hl7 Permission.
>>
>> My doubt is the following: prefixing the permission using
>> urn:oasis:names:tc:xspa:1.0:subject:hl7
>> doesn't have a semantic of the exact value (the permission).
>>
>> Wouldn't it be better to specify exactly what this value is? e.g. by
>> adding urn:oasis:names:tc:xspa:1.0:subject:hl7:permission:PRD-004?
>> Or even to avoid prefixing with anything, since the attribute name is
>> already specifying the value?
>>
>
> I think you might be misunderstanding the spec.
> "urn:oasis:names:tc:xspa:1.0:subject:hl7:permission" is not a prefix, but
> the identifier of the attribute (the spec is not very clear on this). The
> actual permission value would be the attribute value.
>
> My best guess is that an XACML example for the HL7 permission "PRD-012"
> would look like this:
>
> <Attribute AttributeId="urn:oasis:names:tc:xspa:1.0:subject:hl7:permission">
> <AttributeValue DataType="string">PRD-012</AttributeValue>
> </Attribute>
>
> Regards,
>
> Ludwig Seitz
>
>
> --
> Ludwig Seitz, PhD             |   Axiomatics AB
> Training & Development        |   Electrum 223
> Phone: +46 (0)760 44 22 91    |   S-164 40 Kista, Sweden
> Mail: ludwig@axiomatics.com   |
>
>



-- 
Massimiliano Masi

http://www.mascanc.net/~max
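
Added example, not part of the original messages or of the XSPA profile: XACML string-equal is an exact, case-sensitive comparison, so the three encodings seen in this thread never match each other unless the PEP canonicalises them before the policy is evaluated. The accepted prefixes, the code shape and the function names below are assumptions taken from the values in the thread, not normative.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
PERMISSION_ATTR = "urn:oasis:names:tc:xspa:1.0:subject:hl7:permission"

# Assumption: accept only the prefixes that appear in this thread, longest first.
# None of this is normative; unknown encodings are rejected, not guessed at.
PREFIXES = (
    "urn:oasis:names:tc:xspa:1.0:subject:hl7:permission:",
    "urn:oasis:names:tc:xspa:1.0:subject:hl7:",
    "urn:oasis:names:tc:xspa:1.0:hl7:",
)
# Assumption: codes look like the ones in the thread (3 letters, hyphen, 3 digits).
CODE = re.compile(r"[A-Za-z]{3}-[0-9]{3}")

# Constructed sample, modelled on the SAML fragment quoted in the thread.
SAMPLE = """<saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
  Name="urn:oasis:names:tc:xspa:1.0:subject:hl7:permission">
  <saml2:AttributeValue>
      urn:oasis:names:tc:xspa:1.0:subject:hl7:PRD-004
  </saml2:AttributeValue>
</saml2:Attribute>"""

def normalize_permission(raw):
    """Return the bare upper-case code (e.g. 'PRD-004') or raise ValueError."""
    value = raw.strip()          # the SAML sample pads the value with whitespace
    lowered = value.lower()      # the policy sample uses lower-case 'prd-003'
    for prefix in PREFIXES:
        if lowered.startswith(prefix):
            value = value[len(prefix):]
            break
    if not CODE.fullmatch(value):
        raise ValueError(f"unrecognised HL7 permission encoding: {raw!r}")
    return value.upper()

def permissions_from_saml(attribute_xml):
    """Collect canonical codes from one saml2:Attribute element.
    Assumes the assertion signature was already verified; use a hardened
    XML parser (e.g. defusedxml) when the input is untrusted."""
    attr = ET.fromstring(attribute_xml)
    if attr.get("Name") != PERMISSION_ATTR:
        return set()
    return {normalize_permission(v.text or "")
            for v in attr.iter(f"{{{SAML_NS}}}AttributeValue")}

def is_permitted(attribute_xml, required):
    """Compare canonical forms instead of the raw strings."""
    return normalize_permission(required) in permissions_from_saml(attribute_xml)
```

Rejecting an unrecognised encoding with an error, rather than passing it through, keeps a malformed value from silently turning into a policy that never matches.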

