[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Subject attribute designator semantics.
|
I think that SubjectAttributeDesignator semantics
is not as clear as I thought it would be.
One problem (as Ann pointed out) is that there is
more than one way to define subject filter in the target.
Here are 2 proposals to rectify this
problem.
16f: in 16f I made SubjectAttributeDesignator the
same as ResourceAttributeDesignator etc.
This SubjectAttributeDesignator may appear in the
Target element under SubjectMatch.
I renamed current SubjectAttributeDesignator into
SelectiveSubjectAttributeDesignator. This element
may appear under Apply element. I called it
Selective because it maps to semantics: point to the subject
attribute where the value of another attribute is
specified with subject-match.
16g: in 16g I defined MatchType type and
AttributeDesignator element of AttributeDesignator type.
(this is what we had before f2f).
SubjectAttributeDesignator is the same as it is in 16e.
Both of this fixes clarify intended semantics and
accomplish the same thing.
Simon
|
Attachment:
draft-xacml-schema-policy-16f.xsd
Description: text/xml
Attachment:
draft-xacml-schema-policy-16g.xsd
Description: text/xml
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC