[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] bags and targets. Forwarded message from Seth Proctor.
On Fri, 18 Oct 2002, Anne Anderson wrote: > On 17 October, Polar Humenn writes: Re: [xacml] bags and targets. Forwarded message from Seth Proctor. > > This sentence means exactly what it says. If the the selector or > > designator evalutates to an empty bag, then there is no match, i.e. the > > match "predicate" is False. > > Isn't this in direct contradiction to your proposed text for > "7.4.2.2 Missing Attributes": > > 7.4.2.2 Missing Attributes > > The PDP SHALL consider an attribute as missing if it > evaluates an expression that requires at least one value to > be present from an attribute designator or selector. No, This says if the PDP "evaluates an expression that requires at least one value to be present" Such an example would be <Apply FunctionId="string-one-and-only"> <AttributeDesignator AttributeId="urn:...:name" DataType="xs:string"/> </Apply> > In this > case, the expression evaluates to "indeterminate". The PDP > may carry the missing attribute upward in its indeterminate > value in accordance with the XACML evaluation strategy of the > encompassing expressions, rules, policies, and policy > sets. If the PDP evaluates its policy or policy set to > Indeterminate with a missing attribute, the PDP MAY list the > AttributeId and DataType of that attribute in the result as > described in Section 7.5 "Authorization decision". However, > the PDP MAY choose not to issue such information due to > security concerns. > > Anne > -- > Anne H. Anderson Email: Anne.Anderson@Sun.COM > Sun Microsystems Laboratories > 1 Network Drive,UBUR02-311 Tel: 781/442-0928 > Burlington, MA 01803-0902 USA Fax: 781/442-1692 > > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC