[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] [schema] One two many OR levels in Target Subject?
>1. at least one Subject has
> AttrA == A AND AttrB == B and AttrC == C
>2. OR at least one Subject has
> AttrE == E
>3. OR at least one Subject has
> AttrD == D
I thought that the above expression is represented by the following
structure but original message has a different structure.
<Target>
<Subjects>
<Subject>
SubjectMatch if AttrA == A
SubjectMatch if AttrB == C
SubjectMatch if AttrC == C
</Subject>
<Subject>
SubjectMatch if AttrE == E
</Subject>
<Subject>
SubjectMatch if AttrD == D
</Subject>
</Subjects>
</Target>
I am still not clear on a couple examples described in
http://lists.oasis-open.org/archives/xacml/200208/msg00001.html
In the first case, what does the following mean?
<SubjectAttributeDesignator AttributeId="B" Category="AccessSubject">
<SubjectMatch MatchId="string-equals">
<SubjectAttributeDesignator AttributeID="A">
<AttributeValue DataType="xs:string">C</AttributeValue>
</SubjectMatch>
</SubjectAttributeDesignator>
Since <SubjectMatch> returns a boolean, it means
<SubjectAttributeDesignator> receives a boolean value as an argument. What
does that mean? (there are several similar expressions in that example)
Michiharu Kudo
IBM Tokyo Research Laboratory, Internet Technology
Tel. +81 (46) 215-4642 Fax +81 (46) 273-7428
Anne Anderson
<Anne.Anderson@Su To: XACML TC <xacml@lists.oasis-open.org>
n.com> cc:
Subject: [xacml] [schema] One two many OR levels in Target Subject?
2002/08/03 03:41
Please respond to
Anne.Anderson
I think we MAY have defined one too many levels of OR in our
Target Subject syntax.
I believe the following example matches any Request in which
1. at least one Subject has
AttrA == A AND AttrB == B and AttrC == C
2. OR at least one Subject has
AttrE == E
3. OR at least one Subject has
AttrD == D
But 1. and 2. are not at the same level as 3.
<Target>
<Subjects>
<Subject>
<SubjectMatch MatchId="string-match">
<SubjectAttributeDesignator AttributeId="AttrA"
DataType="xs:string">
<SubjectMatch MatchId="string-match">
<SubjectAttributeDesignator
AttributeId="AttrB"
DataType="xs:string">
<SubjectMatch MatchId="string-match">
<SubjectAttributeDesignator
AttributeId="AttrC"
DataType="xs:string">
<AttributeValue
DataType="xs:string">
valueC
</AttributeValue>
</SubjectAttributeDesignator>
</SubjectMatch>
<AttributeValue DataType="xs:string">
valueB
</AttributeValue>
</SubjectAttributeDesignator>
</SubjectMatch>
<AttributeValue DataType="xs:string">
valueA
</AttributeValue>
</SubjectAttributeDesignator>
</SubjectMatch>
<SubjectMatch MatchId="string-match">
<SubjectAttributeDesignator AttributeId="AttrE"
DataType="xs:string">
<AttributeValue DataType="xs:string">
valueE
</AttributeValue>
</SubjectAttributeDesignator>
</SubjectMatch>
</Subject>
<Subject>
<SubjectMatch MatchId="string-match">
<SubjectAttributeDesignator AttributeId="AttrD"
DataType="xs:string">
<AttributeValue DataType="xs:string">
valueD
</AttributeValue>
</SubjectAttributeDesignator>
</SubjectMatch>
</Subject>
</Subjects>
<Resources>
<AnyResource/>
</Resources>
<Actions>
<AnyAction/>
</Actions>
</Target>
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692
----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC