Subject: [xacml] AA02: New section in Appendix A on Structured datatypes

Text location: Section A, following "A.2 Primitive
types" (p. 86, between lines 3345 and 3346 in my copy of 18c :-)

Text change: Add following new section

  A.3 Structured types

  An XACML <AttributeValue> MAY contain an instance of a structured
  xml data type, for example <ds:KeyInfo>.  XACML 1.0 supports
  three ways of comparing such <AttributeValue>s.

  1) In some cases, such an <AttributeValue> may be compared
     using one of the XACML string functions, such as
     regexp-string-match, described below.  This requires the
     structured data, including its tags and attributes, to be
     treated as an <xs:string>.  In general, this method will not
     be adequate unless the structured data type is quite simple.

  2) An <AttributeSelector> element may be used to select the value
     of a leaf sub-element of the structured data type.  That value
     may then be compared using one of the supported XACML
     functions appropriate for its primitive data type.

  3) An <AttributeSelector> element may be used to select the value
     of any node in the structured type.  This node may then be
     compared using one of the XPath-based functions described

  Methods 2) and 3) require support for optional XACML features
  (XPath expressions and XPath functions) by the PDP.

  A fourth alternative is for a community of XACML users to define
  separate attribute identifiers for each leaf sub-element of a
  given structured data type.  Using these identifiers, the Context
  Handlers used by that community of users can flatten instances of
  the structured data type into a sequence of <Attribute>s.  Each
  such <Attribute> will have an <AttributeValue> that is an
  instance of one of the XACML-supported primitive Datatypes, and
  thus can be compared using the XACML-supported functions.

Rationale: this change was proposed in "[xacml] Proposed text for
new section in Appendix A on Structured datatypes", 03 Oct 2002
14:16:09 -0400(EDT),
No objections were received.

Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
