[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] subjects
I think the easiest way around this problem is to eliminate the SubjectCategory from the SubjectAttributeDesignator and add the SubjectQualifiers to the SubjectAttributeDesignator. A SubjectQualifier extends a AttributeDesignator with the following attributes "MatchId" and a "AttributeValue" element. This approach allows you to qualify the SubjectMatch in the target to any category or any other attribute. The only thing that remains a problem for targeting is the MustBePresent, as before. Next extend QualifiedSubjectAttributeDesignator SubjectAttributeDesignator with a "FromSubjects" attribute of which its default value is "single-subject", as opposed to "multiple-subjects". Only QualifiedSubjectAttributeDesignators are allowed to be Expressions. If the FromSubjects attribute is set to single-subject and multiple subjects match, the expression raises an indeterminate. QualifiedSubjectAttributeIsPresent extends SubjecAttributeDesignator with a "MustBeSingleSubject" attribute. If MustBeSingleSubject is set to "true" and the qualifiers select zero or more than one subject, then the answer is false. Otherwise, it returns the true if the attribute is within that selected subject. A true result with MustBeSingleSubject set to true means that the attribute is present and a QualfiedSubjectATtributeDesignator with FromSubjects=single-subject will not raise an indeterminate. What do you think?
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC