OASIS Mailing List Archives

xacml message



Subject: Re: [xacml] change request: resource content



Simon,

I am ok with your first proposal but I am not clear on the second one. The
intention of having a ResourceContent element in the XACML Request Context is
that it must allow any arbitrary XML fragment below the ResourceContent
element. That's why the schema allows any structure. If you remove the
ResourceContent and place the arbitrary XML fragment below the Attribute
element instead, you will need other changes to the schema, for example to
allow any elements below the Attribute element or to introduce a new element
like ResourceContent.

Michiharu Kudo

IBM Tokyo Research Laboratory, Internet Technology
Tel. +81 (46) 215-4642   Fax +81 (46) 273-7428




From:     Simon Godik <simon@godik.com>
To:       xacml@lists.oasis-open.org
cc:
Date:     2002/09/27 15:09
Subject:  [xacml] change request: resource content



<xacml-context:Resource> element has <xacml-context:ResourceContent> child.
If resource content is relevant in access decision it is placed as a child
of <ResourceContent> element.

Currently, the only way to access <ResourceContent> and its child
elements is with <xacml:AttributeSelector>, support for which is optional.

There is no way to access this data with
<xacml:ResourceAttributeDesignator>.

Proposal 1: Introduce resource attribute identifier:
"urn:oasis:names:tc:xacml:1.0:resource:resource-content" that will address
<ResourceContent> element.
In this case, both <ResourceContent> and identifier refer to the same
entity. No schema change required.

Proposal 2: Drop <ResourceContent> element and introduce resource
identifier as above.
The xpath expressions in the <xacml:AttributeSelector> will be taken over
this resource attribute:
<AttributeSelector RequestContextPath=
    "//ctx:Request/ctx:Resource/ctx:Attribute[@AttributeId='urn:oasis:names:tc:xacml:1.0:resource:resource-content']/*"/>

In both cases (1) and (2) we can access content with
resource-attribute-designator:
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-content"/>

Simon
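
The two request shapes discussed in this thread, as an added example that is not part of either message or of the XACML specification. The context namespace URI, the sample requests, the payload, and the function names are assumptions made for illustration; the Proposal 2 request puts arbitrary XML directly under <Attribute>, which is the schema change the reply points out would be needed.

```python
import xml.etree.ElementTree as ET

# Assumption: context namespace URI; the thread shows only the ctx: prefix.
NS = {"ctx": "urn:oasis:names:tc:xacml:1.0:context"}
CONTENT_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-content"
CTX = 'xmlns="urn:oasis:names:tc:xacml:1.0:context"'
# Constructed payload standing in for "any arbitrary XML fragment".
PAYLOAD = '<md:record xmlns:md="urn:example:md"><md:owner>alice</md:owner></md:record>'

# Constructed request, current shape: content under <ResourceContent>.
REQUEST_CURRENT = (
    f"<Request {CTX}><Resource>"
    f"<ResourceContent>{PAYLOAD}</ResourceContent>"
    "</Resource></Request>")

# Constructed request, Proposal 2 shape: content directly under <Attribute>.
REQUEST_PROPOSAL_2 = (
    f"<Request {CTX}><Resource>"
    f'<Attribute AttributeId="{CONTENT_ID}">{PAYLOAD}</Attribute>'
    "</Resource></Request>")


def select_content(request_xml):
    """Evaluate the Proposal 2 selector path from the message."""
    root = ET.fromstring(request_xml)  # root element is ctx:Request
    path = f"ctx:Resource/ctx:Attribute[@AttributeId='{CONTENT_ID}']/*"
    return root.findall(path, NS)


def designate_content(request_xml):
    """Resolve CONTENT_ID the way a designator would under either proposal."""
    root = ET.fromstring(request_xml)
    legacy = root.find("ctx:Resource/ctx:ResourceContent", NS)
    if legacy is not None:
        # Proposal 1: the identifier is an alias for <ResourceContent>.
        return list(legacy)
    # Proposal 2: the identifier names an <Attribute> that holds the content.
    return select_content(request_xml)


if __name__ == "__main__":
    for name, req in (("current", REQUEST_CURRENT),
                      ("proposal 2", REQUEST_PROPOSAL_2)):
        print(name, [e.tag for e in select_content(req)],
              [e.tag for e in designate_content(req)])
```

The Proposal 2 path finds nothing in a request that still uses <ResourceContent>, so existing selector-based policies and requests would have to change together, while the identifier lookup returns the same nodes for both shapes.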






