[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] change request: xacml context attributes and data types
Anne, If this is the case we should extend attribute designator to specify data type of the attribute to be selected. Simon ----- Original Message ----- From: "Anne Anderson" <Anne.Anderson@Sun.com> To: "Simon Godik" <simon@godik.com> Cc: <xacml@lists.oasis-open.org> Sent: Friday, September 27, 2002 6:43 AM Subject: Re: [xacml] change request: xacml context attributes and data types > But, as discussed on yesterday's call, a <Subject> may have more > than one subject-id attribute. For example, one may give the > rfc822Name under which the subject authenticated, and another may > give the x500Name. > > The datatype is required to allow the AttributeDesignator to > select the instance of the attribute that has the correct > datatype for the function in which the designator occurs. > > Anne > > On 27 September, Simon Godik writes: [xacml] change request: xacml context attributes and data types > > From: Simon Godik <simon@godik.com> > > To: xacml@lists.oasis-open.org > > Subject: [xacml] change request: xacml context attributes and data types > > Date: Fri, 27 Sep 2002 00:30:29 -0700 > > > > Currently <xacml-context:Attribute> element allows DataType attribute. > > > > Rationale for keeping DataType attribute in the <xacml-context:Attribute> element was that > > it can sometimes be helpful, such as specifiying subject-id format, like > > subject-id="cn=simon", data-type="x500-name" > > > > But this information is redundant, because subject-id attribute will be passed to the specific > > function that expects arguments of certain type. For example, if subject-id is passed to > > the x500Name-equal function it expects it's arguments to be in x500 name format. > > > > So data type does not add value here. > > > > Another problem is that we can not access DataType attribute with AttributeDesignator. > > > > Proposal: remove DataType attribute from the <xacml-context:Attribute>. > > > > Simon > > > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > > <HTML><HEAD> > > <META http-equiv=Content-Type content="text/html; charset=iso-8859-1"> > > <META content="MSHTML 5.50.4522.1800" name=GENERATOR> > > <STYLE></STYLE> > > </HEAD> > > <BODY bgColor=#ffffff> > > <DIV><FONT face=Arial size=2>Currently <xacml-context:Attribute> element > > allows DataType attribute.</FONT></DIV> > > <DIV><FONT face=Arial size=2></FONT> </DIV> > > <DIV><FONT face=Arial size=2>Rationale for keeping DataType attribute in the > > <xacml-context:Attribute> element was that</FONT></DIV> > > <DIV><FONT face=Arial size=2>it can sometimes be helpful, such as specifiying > > subject-id format, like</FONT></DIV> > > <DIV><FONT face=Arial size=2>subject-id="cn=simon", > > data-type="x500-name"</FONT></DIV> > > <DIV><FONT face=Arial size=2></FONT> </DIV> > > <DIV><FONT face=Arial size=2>But this information is redundant, because > > subject-id attribute will be passed to the specific</FONT></DIV> > > <DIV><FONT face=Arial size=2>function that expects arguments of certain type. > > For example, if subject-id is passed to</FONT></DIV> > > <DIV><FONT face=Arial size=2>the x500Name-equal function it expects it's > > arguments to be in x500 name format.</FONT></DIV> > > <DIV><FONT face=Arial size=2></FONT> </DIV> > > <DIV><FONT face=Arial size=2>So data type does not add value here.</FONT></DIV> > > <DIV><FONT face=Arial size=2></FONT> </DIV> > > <DIV><FONT face=Arial size=2>Another problem is that we can not access DataType > > attribute with AttributeDesignator.</FONT></DIV> > > <DIV><FONT face=Arial size=2></FONT> </DIV> > > <DIV><FONT face=Arial size=2>Proposal: remove DataType attribute from the > > <xacml-context:Attribute>.</FONT></DIV> > > <DIV><FONT face=Arial size=2></FONT> </DIV> > > <DIV><FONT face=Arial size=2>Simon</FONT></DIV> > > <DIV><FONT face=Arial size=2></FONT> </DIV></BODY></HTML> > > -- > Anne H. Anderson Email: Anne.Anderson@Sun.COM > Sun Microsystems Laboratories > 1 Network Drive,UBUR02-311 Tel: 781/442-0928 > Burlington, MA 01803-0902 USA Fax: 781/442-1692 > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC