RE: [xacml] Proposed Agenda, Sept. 19 Concall...

[Daniel Engovatov <dengovatov@crosslogix.com>]

Just to clarify what I was proposing instead of the "higher-order" schema
additions - objections to which I listed in previous mails.

With the restrictions on MatchId functionality -- with them I fully agree --
in place, the only functionality in the condition that is added by the
"higher-order" schema, can be implemented with the following set of
functions
(not necessarily all mandatory)

map-integer-to-decimal
map-decimal-to-integer

*-bag-greater-then
*-bag-greater

For integer, decimal, string, date, time, datetime with the semantics of
comparing two sequences "any-to-any".
Other operations can be covered by changing operands order and using
sequence(<attributevalue>) to specify single value.  It is logically
equivalent.

And
*-match-is-in - equivalent of "is-in", AKA "member-of" but using string,
RFC822, X500 match instead of *-equal

That's it - exact same functionality, no need for any additional written
restrictions in Match - schema does it
for us, and clear extensible semantics of the <apply> - that will allow for
easy interoperations on the level of extension function libraries.. And
maybe less work to implement and test..

Of course, the "coolness" factor of such solution is low, but here I do not
have any argument against..

Not sure if I can be for the call - if not, my vote is strongly against the
additions, but if our featuritis is bad enough and it is accepted - for the
restrictions on the <MatchId>, and for additional work to clarify the
resulting semantics of the function extension point...

Regards.
Daniel;


-----Original Message-----
From: Polar Humenn [mailto:polar@syr.edu]
Sent: Wednesday, September 18, 2002 2:24 PM
To: XACML
Subject: Re: [xacml] Proposed Agenda, Sept. 19 Concall...



Lets change 10:15-10:30 agenda item to discussing the 0.11
Functions 0.11 document.

There should be one issue with it so far:

We restrict the functions named in MatchId to be only of the following:

<type>-equal   for only the standard primitive types,

the standard match functions:

regexp-string-match,
x500Name-match,
rfc822Name-match,

and nothing else, i.e. no non-standard functions (i.e. extension
functions), as this would complicate simplistic matching.

Cheers,
-Polar




On Wed, 18 Sep 2002, Carlisle Adams wrote:

> > Date:  Thursday, September 19, 2002
> > Time: 10:00 AM EDT
> > Tel: 512-225-3050 Access Code: 65998
> >
> > Proposed Agenda:
> >
> > 10:00-10:05 Roll Call and Agenda Review
> > 10:05-10:10 Vote to accept minutes of September 12 concall
> > http://lists.oasis-open.org/archives/xacml/200209/msg00090.html
> > 10:10-10:15 Review of Action Items (see 9/12 minutes)
> > 10:15-10:30 Discussion (and vote?) on the Functions 0.9 draft (Polar,
> > Daniel)
> > 10:30-10:40 Discussion (and vote?) on remaining v0.16 technical change
> > requests (all)
> 10:40-10:50 XACML Primer discussion (Konstantin, Hal)
> 10:50-10:55 Discussion of XACML token submission for WSS (Tim, Carlisle)
> > 10:55-11:00 Discussion of schedule for Committee Spec (Carlisle)
> >
> 11:00-12:00 Focus group discussion (as many participants as possible; we
> need to come to closure!)
>
> > Carlisle.
> >
>


----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>