OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xacml] AA11: Clarify "MatchId" functions

Text location: Section A.11 Matching elements, p. 89, lines
3446-3456.

Text change: Replace follow paragraph:

  "The match elements: <SubjectMatch>, <ResourceMatch> and
   <ActionMatch> SHALL use XACML standard functions to perform
   the match evaluation.  The function used for determinaing a
   match is named in the MatchId attribute of these elements.
   Each of these elements contains a <AttributeDesignator> or
   <AttributeSelector> element and an explicit attribute value.
   The restriction on the function is that the MatchId attribute
   must name a binary function, such that its result type is
   "xs:boolean".  Also, each argument to the named function must
   match the appropriate primitive types for the
   <AttributeDesignator> or <AttributeSelector> element and the
   following explicit attribute value, such that the explicit
   attribute value is placed as the first argument to the
   function, while an element of the bag returned by the
   <AttributeDesignator> or <AttributeSelector> element is placed
   as the second argument to the function."

  with the following:

  "The match elements: <SubjectMatch>, <ResourceMatch> and
   <ActionMatch> SHALL use functions that match two arguments,
   returning a result type of "xs:boolean", to perform the match
   evaluation.The function used for determinaing a match is named
   in the MatchId attribute of these elements.  Each argument to
   the named function must match the appropriate primitive types
   for the <AttributeDesignator> or <AttributeSelector> element
   and the following explicit attribute value, such that the
   explicit attribute value is placed as the first argument to
   the function, while an element of the bag returned by the
   <AttributeDesignator> or <AttributeSelector> element is placed
   as the second argument to the function.

   The XACML standard functions that may be used as a MatchId
   attribute value are:

      function:*-equal
      function:*-greater-than
      function:*-greater-than-or-equal
      function:*-less-than
      function:*-less-than-or-equal
      function:*-match
     [function:*-one-and-only]???
     [function:*-is-in]???

Rationale: explanation of which functions may be used as MatchId
functions is not clear.  Also, function used need not be a
"standard" function as long as it returns a boolean and its
arguments follow the required format.

Anne
-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC