OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xacml] [schema] One two many OR levels in Target Subject?

I think we MAY have defined one too many levels of OR in our
Target Subject syntax.

I believe the following example matches any Request in which
1. at least one Subject has
   AttrA == A AND AttrB == B and AttrC == C
2. OR at least one Subject has
   AttrE == E
3. OR at least one Subject has
   AttrD == D

But 1. and 2. are not at the same level as 3.

<Target>
    <Subjects>
        <Subject>
            <SubjectMatch MatchId="string-match">
                <SubjectAttributeDesignator AttributeId="AttrA"
                                            DataType="xs:string">
                    <SubjectMatch MatchId="string-match">
                        <SubjectAttributeDesignator
                                            AttributeId="AttrB"
                                            DataType="xs:string">
                            <SubjectMatch MatchId="string-match">
                                <SubjectAttributeDesignator
                                            AttributeId="AttrC"
                                            DataType="xs:string">
                                    <AttributeValue
                                            DataType="xs:string">
                                        valueC
                                    </AttributeValue>
                                </SubjectAttributeDesignator>
                            </SubjectMatch>
                            <AttributeValue DataType="xs:string">
                                valueB
                            </AttributeValue>
                        </SubjectAttributeDesignator>
                    </SubjectMatch>
                    <AttributeValue DataType="xs:string">
                        valueA
                    </AttributeValue>
                </SubjectAttributeDesignator>
            </SubjectMatch>
            <SubjectMatch MatchId="string-match">
                <SubjectAttributeDesignator AttributeId="AttrE"
                                            DataType="xs:string">
                    <AttributeValue DataType="xs:string">
                        valueE
                    </AttributeValue>
                </SubjectAttributeDesignator>
            </SubjectMatch>
        </Subject>
        <Subject>
            <SubjectMatch MatchId="string-match">
                <SubjectAttributeDesignator AttributeId="AttrD"
                                            DataType="xs:string">
                    <AttributeValue DataType="xs:string">
                        valueD
                    </AttributeValue>
                </SubjectAttributeDesignator>
            </SubjectMatch>
        </Subject>
    </Subjects>
    <Resources>
        <AnyResource/>
    </Resources>
    <Actions>
        <AnyAction/>
    </Actions>
</Target>

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC