[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] change request: subject-attribute-designator and subjectcategory
I thought the purpose of the SubjectAttributeDesignatorWhere was to get all matches from the same subject, of which subject-category was one of the attributes you match on. I think we worked this out quite well, and cuts down on the machinery needed to just select mere attributes from a subject. Cheers, -Polar On Thu, 26 Sep 2002, Simon Godik wrote: > xacml request context supports multiple <xacml-context:Subject> elements. > Each <xacml-context:Subject> element is tagged with the subject-category, such as: > access-subject, codesource, etc. Subject category name is unique, ie there is no > two <xacml-context:Subject> elements in the request context with the same value of subject-category > attribute. > > <xacml:Subject> element in the policy allows us to specify multiple subject matches at the same time: > sm1 'and' sm2 'and' sm3 etc. Syntactically, context subject attribute is selected with > <xacml:SubjectAttributeDesignator> element that names attribute-id and issuer. > > Very often all subject attributes must be selected from the same subject block. > > Proposal: Extend <xacml:SubjectAttributeDesignator> with optional SubjectCategory attribute: > <xs:complexType name="SubjectAttributeDesignatorType"> > <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/> > <xs:attribute name="Issuer" type="xs:anyURI" use="optional"/> > <xs:attribute name="SubjectCategory" type="xs:string" use="optional"/> <-- new attribute > </xs:complexType> > > Simon > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC