[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] Proposal of XML Access Control Use Case of XACML
Hi Michiharu, What do you think if in addition to resource attributes that you construct out of resource uri we make: <Attribute AttributeId="urn:oasis:names:tc:identifiers:resource-uri"> <Attribute AttributeId="urn:oasis:names:tc:identifiers:resource-syntax"> (aka Format) <Attribute AttributeId="urn:oasis:names:tc:identifiers:resource-scope"> Then we can drop <ResourceSpecifier> element altogether. I know that you proposed flat context before and it will make it 'flatter'. There is another advantage to doing this. If only elements that we have to address out of the policy are attributes in the context, non-xpath AttributeDesignator could be made simple (I posted a note on that recently) xpath and namespaces. on lines 433-434 of your proposal you say that pep and pdp must share namespace-uri and corresponding prefix. Namespace-uri must be shared. For namespace prefix there is an easy work around: <Attribute xmlns:c="urn:oasis:xacml-context" xmlns:a="http:myNS"> /c:Request/c:Resource/c:ResourceContent/a:employee/a:phone </Attribute> Simon Godik ----- Original Message ----- From: "Michiharu Kudoh" <KUDO@jp.ibm.com> To: "XACML TC" <xacml@lists.oasis-open.org> Sent: Thursday, July 25, 2002 5:04 AM Subject: [xacml] Proposal of XML Access Control Use Case of XACML > Proposal for XML Access Control Use Case of XACML. It may change depending > on the discussion about the attribute designator. > > (See attached file: XMLAccessControlUseCase.doc)(See attached file: > XMLAccessControlUseCase.pdf) > > Michiharu Kudo > > IBM Tokyo Research Laboratory, Internet Technology > Tel. +81 (46) 215-4642 Fax +81 (46) 273-7428 > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC