OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [xacml] Condition language

actually you can get around having to 'chase' external standards by 
explicitly stating the version of XPATH (in this case) being used (which 
is what we would do anyway i assume). that way we would adopt future 
versions of XAPTH as they provide value to our cause and only then. 
assuming that there is some level of backwards compatibility with the 
external standards we choose to rely upon this should be practical to 


Michiharu Kudoh wrote:
> I have a little different idea on the XACML condition language. The current
> specification aims at defining XACML local syntax and the semantics. I
> think it is one way to proceed. The other way would be to borrow the syntax
> and the semantics from other promising standards as much as possible. For
> example, the semantics of the string comparison is also defined in XPath
> 1.0 document. "/ContextPrincipals/ContextPrincipal/SimplePrincipal
> = 'Alice' '' compares the text node of the SimplePrincipal element in the
> XACML context and "Alice". It also supports AND, OR, NOT, element
> reference, arithmetic computation, and the type conversion. If we specify
> this "string expression" in the condition element as described below, the
> semantics of this expression is explicitly defined in XPath standard. The
> merit is that we don't have to worry about the syntax and the semantics of
> the expression evaluation in XACML. The downside would be when XPath 2.0
> becomes recommendation, we may have to update some part of our document.
> But I still think this is another practical way to specify the condition
> expression.
> <Conditions>
>   <Condition expression
> ="/ContextPrincipals/ContextPrincipal/SimplePrincipal = 'Alice'">/
> </Conditions>
> Best regards,
> Michiharu Kudo
> IBM Tokyo Research Laboratory, Internet Technology
> Tel. +81 (46) 215-4642   Fax +81 (46) 273-7428
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC