Subject: Re: [xacml] [schema] One two many OR levels in Target Subject?
Looking at Anne's structure here, I believe her structure has this semantics:

   1. at least one Subject has
         AttrA == A AND AttrB == B and AttrC == C and AttrE == E
   2. OR at least one Subject has
         AttrD = D

This stems from the <Subject> construct, which I believe means AND the sequence of <SubjectMatch> on one particular subject. Is that the correct semantics of <Subject> within the <Subjects> construct?

If I "convert" each one of Anne's subject matches to Horn Clauses (i.e. Prolog), we get the following, meaning that the predicate "has" can figure out whether a particular subject has a particular attribute.

   SubjectMatch1(S) :- has(S,"AttrA","A"),has(S,"AttrB","B"),has(S,"AttrC","C").
   SubjectMatch2(S) :- has(S,"AttrE","E").
   SubjectMatch3(S) :- has(S,"AttrD","D").

Then comes the semantics of the two <Subject> constructs that Anne creates, which I believe is the AND of the particular <SubjectMatch> constructs. I label predicates Subject1 and Subject2.

   Subject1(S) :- SubjectMatch1(S), SubjectMatch2(S).
   Subject2(S) :- SubjectMatch3(S).

The algorithm for the <Subjects> match is to see if the Subject1 OR the Subject2 predicate applies to the sequence of Subjects; the sequence in Prolog is denoted by [head|rest].

   Subjects([S|Ss]) :- Subject1(S).
   Subjects([S|Ss]) :- Subject2(S).
   Subjects([_|Ss]) :- Subjects(Ss).

Is this the semantics to which we agreed?

-Polar

On Fri, 2 Aug 2002, Anne Anderson wrote:

> I think we MAY have defined one too many levels of OR in our
> Target Subject syntax.
>
> I believe the following example matches any Request in which
>    1. at least one Subject has
>          AttrA == A AND AttrB == B and AttrC == C
>    2. OR at least one Subject has
>          AttrE == E
>    3. OR at least one Subject has
>          AttrD == D
>
> But 1. and 2. are not at the same level as 3.
>
> <Target>
>   <Subjects>
>     <Subject>
>       <SubjectMatch MatchId="string-match">
>         <SubjectAttributeDesignator AttributeId="AttrA"
>             DataType="xs:string">
>           <SubjectMatch MatchId="string-match">
>             <SubjectAttributeDesignator
>                 AttributeId="AttrB"
>                 DataType="xs:string">
>               <SubjectMatch MatchId="string-match">
>                 <SubjectAttributeDesignator
>                     AttributeId="AttrC"
>                     DataType="xs:string">
>                   <AttributeValue
>                       DataType="xs:string">
>                     valueC
>                   </AttributeValue>
>                 </SubjectAttributeDesignator>
>               </SubjectMatch>
>               <AttributeValue DataType="xs:string">
>                 valueB
>               </AttributeValue>
>             </SubjectAttributeDesignator>
>           </SubjectMatch>
>           <AttributeValue DataType="xs:string">
>             valueA
>           </AttributeValue>
>         </SubjectAttributeDesignator>
>       </SubjectMatch>
>       <SubjectMatch MatchId="string-match">
>         <SubjectAttributeDesignator AttributeId="AttrE"
>             DataType="xs:string">
>           <AttributeValue DataType="xs:string">
>             valueE
>           </AttributeValue>
>         </SubjectAttributeDesignator>
>       </SubjectMatch>
>     </Subject>
>     <Subject>
>       <SubjectMatch MatchId="string-match">
>         <SubjectAttributeDesignator AttributeId="AttrD"
>             DataType="xs:string">
>           <AttributeValue DataType="xs:string">
>             valueD
>           </AttributeValue>
>         </SubjectAttributeDesignator>
>       </SubjectMatch>
>     </Subject>
>   </Subjects>
>   <Resources>
>     <AnyResource/>
>   </Resources>
>   <Actions>
>     <AnyAction/>
>   </Actions>
> </Target>
>
> --
> Anne H. Anderson             Email: Anne.Anderson@Sun.COM
> Sun Microsystems Laboratories
> 1 Network Drive,UBUR02-311     Tel: 781/442-0928
> Burlington, MA 01803-0902 USA  Fax: 781/442-1692
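
The two readings in this thread, evaluated side by side as an added example (not code from either message): a Python rendering of the has/Subject/Subjects clauses above, with the Target under each reading written as a list of ANDed matches per <Subject>. Modelling a request subject as an attribute dictionary, the names POLAR_READING and ANNE_READING, and the sample requests are all constructed assumptions.

```python
# Added illustration: names and data model are assumptions, not an XACML API.
# A request subject is a dict of attribute id -> value; a request carries a list.

def has(subject, attr, value):
    """The has/3 predicate: this subject carries attr with exactly this value."""
    return subject.get(attr) == value

# Each inner list is one <Subject>: its (attribute, value) matches are ANDed.
POLAR_READING = [
    [("AttrA", "A"), ("AttrB", "B"), ("AttrC", "C"), ("AttrE", "E")],  # Subject1
    [("AttrD", "D")],                                                   # Subject2
]
ANNE_READING = [
    [("AttrA", "A"), ("AttrB", "B"), ("AttrC", "C")],
    [("AttrE", "E")],
    [("AttrD", "D")],
]

def subject_matches(conjunction, subject):
    """AND of every match, all evaluated against the same request subject."""
    return all(has(subject, a, v) for a, v in conjunction)

def subjects_match(target, request_subjects):
    """OR over <Subject> elements, existential over the request's subjects."""
    return any(subject_matches(conj, s)
               for conj in target for s in request_subjects)

# Constructed sample requests.
REQUESTS = {
    "only_E": [{"AttrE": "E"}],
    "abc_only": [{"AttrA": "A", "AttrB": "B", "AttrC": "C"}],
    "abce_one_subject": [{"AttrA": "A", "AttrB": "B", "AttrC": "C", "AttrE": "E"}],
    "abc_and_e_split": [{"AttrA": "A", "AttrB": "B", "AttrC": "C"}, {"AttrE": "E"}],
    "d_second_subject": [{"AttrX": "X"}, {"AttrD": "D"}],
    "none": [{"AttrA": "A"}],
}

def compare():
    """Return {request name: (result under Polar's reading, under Anne's)}."""
    return {name: (subjects_match(POLAR_READING, subs),
                   subjects_match(ANNE_READING, subs))
            for name, subs in REQUESTS.items()}

if __name__ == "__main__":
    for name, (polar, anne) in compare().items():
        flag = "  <-- readings disagree" if polar != anne else ""
        print(f"{name:18} polar={polar!s:5} anne={anne!s:5}{flag}")
```

The rows where the readings disagree are requests that Anne's reading admits to the Target and the AND-within-<Subject> reading excludes, including the case where AttrA/B/C and AttrE are held by two different subjects of the same request.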