[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Resolutions on 12th call
I think that the following are the resolutions TC made in the previous TC
call on 12th. Please let me know if there is a mistake.
0026. [Michiharu] Add XPath functions as non-mandatory
STATUS: POSTPONED 9/19 (Michiharu will update and resubmit)
0031. [Michiharu] Type of XPathVersion element from string=>anyURI
STATUS: WITHDRAW ACCEPTED (QUORUM) 9/12
0032. [Michiharu] Schema change of AttributeSelector
STATUS: ACCEPTED 9/12 (QUORUM)
0035. [Michiharu] AttributeSelectorIndirect
STATUS: POSTPONED 9/12 (Michiharu will update and resubmit)
0039. [Michiharu] Remove XPathVersion attribute from AttributeSelector
STATUS: ACCEPTED 9/12 (QUORUM)
======================
0032. [Michiharu] Schema change of AttributeSelector
http://lists.oasis-open.org/archives/xacml/200209/msg00078.html
I propose to change the AttributeSelector element.
<xs:complexType name="AttributeSelectorType">
<xs:attribute name="RequestContextPath" type="xs:anyURI" use="required"/>
<xs:attribute name="DataType" type="xs:anyURI" use="required"/>
<xs:attribute name="XPathVersion" type="xs:anyURI" use="optional" default
="http://www.w3.org/TR/1999/Rec-xpath-19991116"/>
</xs:complexType>
==>
<xs:complexType name="AttributeSelectorType">
<xs:element ref="xacml:XPathNamespace" minOccurs="0" maxOccurs
="unbounded"/>
<xs:attribute name="RequestContextPath" type="xs:anyURI" use
="optional"/>
<xs:attribute name="DataType" type="xs:anyURI" use="optional"/>
</xs:complexType>
<xs:element name="XPathNamespace" type="xacml:XPathNamespaceType"
substitutionGroup="xacml:AbstractDefaults"/>
<xs:complexType name="XPathNamespaceType">
<xs:attribute name="NamespaceURI" type="xs:anyURI"/>
<xs:attribute name="Prefix" type="xs:string" use="optional"/>
</xs:complexType>
Scope of the XPathNamespace for AttributeSelector element:
1. AttributeSelector element that includes XPathNamespace element,
XPathNamespace elements in PolicyDefaults or PolicySetDefaults elements
that include the AttributeSelector element.
For the precedence,
1. XPathNamespace elements in AttributeSelector take precedence over
XPathNamespace elements in PolicyDefaults in Policy element..
2. XPathNamespace elements in PolicyDefaults in Policy take precedence over
XPathNamespace elements in PolicySetDefaults in PolicySet element..
3. If there are two or more identical prefixes are specified under an
AttributeSelector, a PolicyDefaults or a PolicySetDefaults elements, the
last prefix takes precedence over the previous prefixes.
Others:
1. Global xmlns attribute is not used for resolving namespace-prefix pair
specified in XPath expression.
2. If no XPathNamespace element is found in valid scope, it means no
namespace-prefix pair is defined.
3. If Prefix attribute is missing, it means that default namespace is
defined.
Text change request
In Section 5.3, Element <PolicySetDefaults>, line 1487-1489,
<AbstractDefaults>[Any Number]
This is the head of substitution group to specify default parameters. The
elements in this substitution group defined at this time is
<XPathNamespace>
element.
0039. [Michiharu] Remove XPathVersion attribute from AttributeSelector
http://lists.oasis-open.org/archives/xacml/200209/msg00078.html
I request to remove "XPathVersion" attribute from AttributeSelector
element. The reason is that we already allow a default value of
XPathVersion in Policy and PolicySet elements. Since the minimum unit of
the policy rules are Policy element, I think it is sufficient to specify
XPath version information at a policy level, not at each AttributeSelector
level. Policy writer who uses AttributeSelector must specify the xpath
version in PolicyDefaults or PolicySetDefaults element. The value of XPath
1.0 version is "http://www.w3.org/TR/1999/Rec-xpath-19991116";.
Best
Michiharu Kudo
IBM Tokyo Research Laboratory, Internet Technology
Tel. +81 (46) 215-4642 Fax +81 (46) 273-7428
----- Forwarded by Michiharu Kudoh/Japan/IBM on 2002/09/17 18:59 -----
Michiharu Kudoh
To: XACML TC <xacml@lists.oasis-open.org>
2002/09/12 20:47 cc:
From: Michiharu Kudoh/Japan/IBM@IBMJP
Subject: Action items on change request
[0026] Add XPath functions as non-mandatory
I want to postpone this change request update until we reach an agreement
on a function model.
[0031] Type of XPathVersion element from string=>anyURI
I would like to change my original change request and propose a change
request [0039]. If [0039] is accepted, [0031] disappears. Then Simon's
concern is solved.
[0032] Schema change of AttributeSelector
I revise my change request. With the change request 0031, a schema change
request becomes:
======== start of [0032] ========
I propose to change the AttributeSelector element. The reason of this
change is described in a separate mail titled "[xacml] AttributeSelector
example".
<xs:complexType name="AttributeSelectorType">
<xs:attribute name="RequestContextPath" type="xs:anyURI" use="required"/>
<xs:attribute name="DataType" type="xs:anyURI" use="required"/>
<xs:attribute name="XPathVersion" type="xs:anyURI" use="optional" default
="http://www.w3.org/TR/1999/Rec-xpath-19991116"/>
</xs:complexType>
==>
<xs:complexType name="AttributeSelectorType">
<xs:element ref="xacml:XPathNamespace" minOccurs="0" maxOccurs
="unbounded"/>
<xs:attribute name="RequestContextPath" type="xs:anyURI" use
="optional"/>
<xs:attribute name="DataType" type="xs:anyURI" use="optional"/>
</xs:complexType>
<xs:element name="XPathNamespace" type="xacml:XPathNamespaceType"
substitutionGroup="xacml:AbstractDefaults"/>
<xs:complexType name="XPathNamespaceType">
<xs:attribute name="NamespaceURI" type="xs:anyURI"/>
<xs:attribute name="Prefix" type="xs:string" use="optional"/>
</xs:complexType>
Scope of the XPathNamespace for AttributeSelector element:
1. AttributeSelector element that includes XPathNamespace element,
XPathNamespace elements in PolicyDefaults or PolicySetDefaults elements
that include the AttributeSelector element.
For the precedence,
1. XPathNamespace elements in AttributeSelector take precedence over
XPathNamespace elements in PolicyDefaults in Policy element..
2. XPathNamespace elements in PolicyDefaults in Policy take precedence over
XPathNamespace elements in PolicySetDefaults in PolicySet element..
3. If there are two or more identical prefixes are specified under an
AttributeSelector, a PolicyDefaults or a PolicySetDefaults elements, the
last prefix takes precedence over the previous prefixes.
Others:
1. Global xmlns attribute is not used for resolving namespace-prefix pair
specified in XPath expression.
2. If no XPathNamespace element is found in valid scope, it means no
namespace-prefix pair is defined.
3. If Prefix attribute is missing, it means that default namespace is
defined.
Text change request
In Section 5.3, Element <PolicySetDefaults>, line 1487-1489,
<AbstractDefaults>[Any Number]
This is the head of substitution group to specify default parameters. The
elements in this substitution group defined at this time is
<XPathNamespace>
element.
======= end of [0032] ========
[0035] AttributeSelectorIndirect
I want to postpone this change request update until we reach an agreement
on a function model.
[0039]
Proposal:
I request to remove "XPathVersion" attribute from AttributeSelector
element. This change removes theThe reason is that we already allow a
default value of XPathVersion in Policy and PolicySet elements. Since the
minimum unit of the policy rules are Policy element, I think it is
sufficient to specify XPath version information at a policy level, not at
each AttributeSelector level. Policy writer who uses AttributeSelector must
specify the xpath version in PolicyDefaults or PolicySetDefaults element.
The value of XPath 1.0 version is "
http://www.w3.org/TR/1999/Rec-xpath-19991116";.
Michiharu Kudo
IBM Tokyo Research Laboratory, Internet Technology
Tel. +81 (46) 215-4642 Fax +81 (46) 273-7428
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC