[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Review of 5. Policy Syntax section
Hi,
Aside from grammatical, etc., changes I have two question/issues from reading this section.
1. In section 5.7 (Element <SubjectMatch>), I think we need to specify that whatever is returned by SubjectAttributeDesignator or AttributeSelector is matched against the value carried in AttributeValue. This behaviour is not spelled out anywhere. (In fact, AttributeValue is not even described in the "list of elements contained in <SubjectMatch>" discussion; it only appears in the schema fragment.)
The same is true for <ResourceMatch> and <ActionMatch> (sections 5.10 and 5.13).
Also, in the "list of elements contained in <SubjectMatch>" discussion, why is <AttributeSelector> described as [required]? I thought it was optional.
2. In section 5.26 (Element <SubjectAttributeDesignatorWhere>), why does the element <SubjectMatch> have minOccurs="0"? If this element was omitted, you wouldn't use SubjectAttributeDesignatorWhere; you would just use SubjectAttributeDesignator. In any case, the verbal description says that SubjectMatch has [Any Number], so I suspect that minOccurs="0" in the schema should be changed to maxOccurs="unbounded".
Carlisle.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC