[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Resolutions on 12th call
I think that the following are the resolutions TC made in the previous TC call on 12th. Please let me know if there is a mistake. 0026. [Michiharu] Add XPath functions as non-mandatory STATUS: POSTPONED 9/19 (Michiharu will update and resubmit) 0031. [Michiharu] Type of XPathVersion element from string=>anyURI STATUS: WITHDRAW ACCEPTED (QUORUM) 9/12 0032. [Michiharu] Schema change of AttributeSelector STATUS: ACCEPTED 9/12 (QUORUM) 0035. [Michiharu] AttributeSelectorIndirect STATUS: POSTPONED 9/12 (Michiharu will update and resubmit) 0039. [Michiharu] Remove XPathVersion attribute from AttributeSelector STATUS: ACCEPTED 9/12 (QUORUM) ====================== 0032. [Michiharu] Schema change of AttributeSelector http://lists.oasis-open.org/archives/xacml/200209/msg00078.html I propose to change the AttributeSelector element. <xs:complexType name="AttributeSelectorType"> <xs:attribute name="RequestContextPath" type="xs:anyURI" use="required"/> <xs:attribute name="DataType" type="xs:anyURI" use="required"/> <xs:attribute name="XPathVersion" type="xs:anyURI" use="optional" default ="http://www.w3.org/TR/1999/Rec-xpath-19991116"/> </xs:complexType> ==> <xs:complexType name="AttributeSelectorType"> <xs:element ref="xacml:XPathNamespace" minOccurs="0" maxOccurs ="unbounded"/> <xs:attribute name="RequestContextPath" type="xs:anyURI" use ="optional"/> <xs:attribute name="DataType" type="xs:anyURI" use="optional"/> </xs:complexType> <xs:element name="XPathNamespace" type="xacml:XPathNamespaceType" substitutionGroup="xacml:AbstractDefaults"/> <xs:complexType name="XPathNamespaceType"> <xs:attribute name="NamespaceURI" type="xs:anyURI"/> <xs:attribute name="Prefix" type="xs:string" use="optional"/> </xs:complexType> Scope of the XPathNamespace for AttributeSelector element: 1. AttributeSelector element that includes XPathNamespace element, XPathNamespace elements in PolicyDefaults or PolicySetDefaults elements that include the AttributeSelector element. For the precedence, 1. XPathNamespace elements in AttributeSelector take precedence over XPathNamespace elements in PolicyDefaults in Policy element.. 2. XPathNamespace elements in PolicyDefaults in Policy take precedence over XPathNamespace elements in PolicySetDefaults in PolicySet element.. 3. If there are two or more identical prefixes are specified under an AttributeSelector, a PolicyDefaults or a PolicySetDefaults elements, the last prefix takes precedence over the previous prefixes. Others: 1. Global xmlns attribute is not used for resolving namespace-prefix pair specified in XPath expression. 2. If no XPathNamespace element is found in valid scope, it means no namespace-prefix pair is defined. 3. If Prefix attribute is missing, it means that default namespace is defined. Text change request In Section 5.3, Element <PolicySetDefaults>, line 1487-1489, <AbstractDefaults>[Any Number] This is the head of substitution group to specify default parameters. The elements in this substitution group defined at this time is <XPathNamespace> element. 0039. [Michiharu] Remove XPathVersion attribute from AttributeSelector http://lists.oasis-open.org/archives/xacml/200209/msg00078.html I request to remove "XPathVersion" attribute from AttributeSelector element. The reason is that we already allow a default value of XPathVersion in Policy and PolicySet elements. Since the minimum unit of the policy rules are Policy element, I think it is sufficient to specify XPath version information at a policy level, not at each AttributeSelector level. Policy writer who uses AttributeSelector must specify the xpath version in PolicyDefaults or PolicySetDefaults element. The value of XPath 1.0 version is "http://www.w3.org/TR/1999/Rec-xpath-19991116". Best Michiharu Kudo IBM Tokyo Research Laboratory, Internet Technology Tel. +81 (46) 215-4642 Fax +81 (46) 273-7428 ----- Forwarded by Michiharu Kudoh/Japan/IBM on 2002/09/17 18:59 ----- Michiharu Kudoh To: XACML TC <xacml@lists.oasis-open.org> 2002/09/12 20:47 cc: From: Michiharu Kudoh/Japan/IBM@IBMJP Subject: Action items on change request [0026] Add XPath functions as non-mandatory I want to postpone this change request update until we reach an agreement on a function model. [0031] Type of XPathVersion element from string=>anyURI I would like to change my original change request and propose a change request [0039]. If [0039] is accepted, [0031] disappears. Then Simon's concern is solved. [0032] Schema change of AttributeSelector I revise my change request. With the change request 0031, a schema change request becomes: ======== start of [0032] ======== I propose to change the AttributeSelector element. The reason of this change is described in a separate mail titled "[xacml] AttributeSelector example". <xs:complexType name="AttributeSelectorType"> <xs:attribute name="RequestContextPath" type="xs:anyURI" use="required"/> <xs:attribute name="DataType" type="xs:anyURI" use="required"/> <xs:attribute name="XPathVersion" type="xs:anyURI" use="optional" default ="http://www.w3.org/TR/1999/Rec-xpath-19991116"/> </xs:complexType> ==> <xs:complexType name="AttributeSelectorType"> <xs:element ref="xacml:XPathNamespace" minOccurs="0" maxOccurs ="unbounded"/> <xs:attribute name="RequestContextPath" type="xs:anyURI" use ="optional"/> <xs:attribute name="DataType" type="xs:anyURI" use="optional"/> </xs:complexType> <xs:element name="XPathNamespace" type="xacml:XPathNamespaceType" substitutionGroup="xacml:AbstractDefaults"/> <xs:complexType name="XPathNamespaceType"> <xs:attribute name="NamespaceURI" type="xs:anyURI"/> <xs:attribute name="Prefix" type="xs:string" use="optional"/> </xs:complexType> Scope of the XPathNamespace for AttributeSelector element: 1. AttributeSelector element that includes XPathNamespace element, XPathNamespace elements in PolicyDefaults or PolicySetDefaults elements that include the AttributeSelector element. For the precedence, 1. XPathNamespace elements in AttributeSelector take precedence over XPathNamespace elements in PolicyDefaults in Policy element.. 2. XPathNamespace elements in PolicyDefaults in Policy take precedence over XPathNamespace elements in PolicySetDefaults in PolicySet element.. 3. If there are two or more identical prefixes are specified under an AttributeSelector, a PolicyDefaults or a PolicySetDefaults elements, the last prefix takes precedence over the previous prefixes. Others: 1. Global xmlns attribute is not used for resolving namespace-prefix pair specified in XPath expression. 2. If no XPathNamespace element is found in valid scope, it means no namespace-prefix pair is defined. 3. If Prefix attribute is missing, it means that default namespace is defined. Text change request In Section 5.3, Element <PolicySetDefaults>, line 1487-1489, <AbstractDefaults>[Any Number] This is the head of substitution group to specify default parameters. The elements in this substitution group defined at this time is <XPathNamespace> element. ======= end of [0032] ======== [0035] AttributeSelectorIndirect I want to postpone this change request update until we reach an agreement on a function model. [0039] Proposal: I request to remove "XPathVersion" attribute from AttributeSelector element. This change removes theThe reason is that we already allow a default value of XPathVersion in Policy and PolicySet elements. Since the minimum unit of the policy rules are Policy element, I think it is sufficient to specify XPath version information at a policy level, not at each AttributeSelector level. Policy writer who uses AttributeSelector must specify the xpath version in PolicyDefaults or PolicySetDefaults element. The value of XPath 1.0 version is " http://www.w3.org/TR/1999/Rec-xpath-19991116". Michiharu Kudo IBM Tokyo Research Laboratory, Internet Technology Tel. +81 (46) 215-4642 Fax +81 (46) 273-7428
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC