OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [xacml] AA11: Clarify "MatchId" functions



>      [function:*-one-and-only]???
>      [function:*-is-in]???

These functions are not valid for the MatchId, as it would be type
incorrect.

-Polar


On Mon, 14 Oct 2002, Anne Anderson wrote:

> Text location: Section A.11 Matching elements, p. 89, lines
> 3446-3456.
>
> Text change: Replace follow paragraph:
>
>   "The match elements: <SubjectMatch>, <ResourceMatch> and
>    <ActionMatch> SHALL use XACML standard functions to perform
>    the match evaluation.  The function used for determinaing a
>    match is named in the MatchId attribute of these elements.
>    Each of these elements contains a <AttributeDesignator> or
>    <AttributeSelector> element and an explicit attribute value.
>    The restriction on the function is that the MatchId attribute
>    must name a binary function, such that its result type is
>    "xs:boolean".  Also, each argument to the named function must
>    match the appropriate primitive types for the
>    <AttributeDesignator> or <AttributeSelector> element and the
>    following explicit attribute value, such that the explicit
>    attribute value is placed as the first argument to the
>    function, while an element of the bag returned by the
>    <AttributeDesignator> or <AttributeSelector> element is placed
>    as the second argument to the function."
>
>   with the following:
>
>   "The match elements: <SubjectMatch>, <ResourceMatch> and
>    <ActionMatch> SHALL use functions that match two arguments,
>    returning a result type of "xs:boolean", to perform the match
>    evaluation.The function used for determinaing a match is named
>    in the MatchId attribute of these elements.  Each argument to
>    the named function must match the appropriate primitive types
>    for the <AttributeDesignator> or <AttributeSelector> element
>    and the following explicit attribute value, such that the
>    explicit attribute value is placed as the first argument to
>    the function, while an element of the bag returned by the
>    <AttributeDesignator> or <AttributeSelector> element is placed
>    as the second argument to the function.
>
>    The XACML standard functions that may be used as a MatchId
>    attribute value are:
>
>       function:*-equal
>       function:*-greater-than
>       function:*-greater-than-or-equal
>       function:*-less-than
>       function:*-less-than-or-equal
>       function:*-match
>      [function:*-one-and-only]???
>      [function:*-is-in]???
>
> Rationale: explanation of which functions may be used as MatchId
> functions is not clear.  Also, function used need not be a
> "standard" function as long as it returns a boolean and its
> arguments follow the required format.
>
> Anne
> --
> Anne H. Anderson             Email: Anne.Anderson@Sun.COM
> Sun Microsystems Laboratories
> 1 Network Drive,UBUR02-311     Tel: 781/442-0928
> Burlington, MA 01803-0902 USA  Fax: 781/442-1692
>
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC