[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [xacml] bags and targets. Forwarded message from Seth Proctor
Anne, If we like what I did with the *IsPresent text, it might be best to align the *Designator and Selector text with that. I guess what I am getting at is that the operational semantics of MustBePresent are specified in the main paragraphs, while the "attribute" descriptions merely explain breifly what they are and how they are specified. -Polar On Tue, 29 Oct 2002, Anne Anderson wrote: > I have the following action item: > > 0142: [Seth Proctor] bags and targets. Forwarded message from Seth Proctor. > e-mail sent 17 Oct 2002 16:43:04 -0400 (EDT) > http://lists.oasis-open.org/archives/xacml/200210/msg00216.html > > ACTION ITEM: [Anne] Write up TENTATIVE RESOLUTION with details spelled out. > > STATUS: UNRESOLVED (10/28). See TENTATIVE RESOLUTION. > > TENTATIVE RESOLUTION: Create a new XML attribute on Designators > and Selectors to indicate "Must be present". This new > attribute is optional, and may be used in either Target or > Condition. Behavior of indeterminate results in Target where > AND or especially OR is being done (e.g. in multiple subjects > where only one needs to match) needs to be spelled out, but it > should follow behavior of current "and" and "or" functions. > > Here is my attempt at writing up the details: > > 1. In policy schema: Change > <xs:complexType name="AttributeSelectorType"> > <xs:attribute name="RequestContextPath" type="xs:string" use="required"/> > <xs:attribute name="DataType" type="xs:anyURI" use="required"/> > </xs:complexType> > To: > <xs:complexType name="AttributeSelectorType"> > <xs:attribute name="RequestContextPath" type="xs:string" use="required"/> > <xs:attribute name="DataType" type="xs:anyURI" use="required"/> > <xs:attribute name="MustBePresent" type="xs:boolean" use="optional" > default="false"/> > </xs:complexType> > > 2. In policy schema, Change > <xs:complexType name="AttributeDesignatorType"> > <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/> > <xs:attribute name="DataType" type="xs:anyURI" use="required"/> > <xs:attribute name="Issuer" type="xs:anyURI" use="optional"/> > </xs:complexType> > To: > <xs:complexType name="AttributeDesignatorType"> > <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/> > <xs:attribute name="DataType" type="xs:anyURI" use="required"/> > <xs:attribute name="Issuer" type="xs:anyURI" use="optional"/> > <xs:attribute name="MustBePresent" type="xs:boolean" use="optional" > default="false"/> > </xs:complexType> > > 3. Section 5.23 Complex type AttributeDesignatorType, append > following to the very end of this section (after Issuer > [Optional] description): > > MustBePresent [Optional] > > The MustBePresent attribute governs whether the > AttributeDesignator element returns an empty bag or > indeterminate in the case of finding no value for the named > attribute in the request context. If the value can not be > located and the MustBePresent attribute is set to false, > then the AttributeDesignator element SHALL result in an > empty bag. If the value can not be located and the > MustBePresent attribute is set to true, then the > AttributeDesignator element SHALL result in indeterminate. > Regardless of the MustBePresent attribute, if it cannot be > determined whether the attribute is present or not present > in the request context, or if the value of the attribute is > unavailable due to any error, then the AttributeDesignator > element SHALL result in indeterminate. > > The default value for the MustBePresent attribute is false. > > 4. Section 5.29 Element <AttributeSelector>, append following to > the very end of this section (after DataType [Required] > description): > > The MustBePresent attribute governs whether the > AttributeSelector element returns an empty bag or > indeterminate in the case of finding no value for the named > attribute in the request context. If the value can not be > located and the MustBePresent attribute is set to false, > then the AttributeSelector element SHALL result in an empty > bag. If the value can not be located and the MustBePresent > attribute is set to true, then the AttributeSelector > element SHALL result in indeterminate. Regardless of the > MustBePresent attribute, if it cannot be determined whether > the attribute is present or not present in the request > context, or if the value of the attribute is unavailable > due to any error, then the AttributeSelector element SHALL > result in indeterminate. > > The default value for the MustBePresent attribute is false. > > Are there any other places that need a change? > > Anne > -- > Anne H. Anderson Email: Anne.Anderson@Sun.COM > Sun Microsystems Laboratories > 1 Network Drive,UBUR02-311 Tel: 781/442-0928 > Burlington, MA 01803-0902 USA Fax: 781/442-1692 > > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC