[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] subjects
On Mon, 4 Nov 2002, Simon Godik wrote: > Polar, > I'm trying to understand your proposal. > what you do is: > attr-desig-type(attrid, data-type, issuer, must-be-present) > subject-qualifier(match-id, attr-value) > subj-attr-desig-type(0...many subj-qualifier) > qualified-subj-attr-desig(from-subjects) Yes. (I think) > then qualified-subj-attr-desig is used in the subject-match in the target > and in the apply element. > > it looks like subj-attr-desig-type is not used by itself. Correct. It's only used for extenstion to QualifiedSubjectAttributeDesignator and QualfiiedSubjectAttributeDesignatorIsPresent. > subject expression in the target is now quite complicated. You still had to match on a subject category attribute. That is no different on matching on any other named attribute, really. The only thing, is now that you may have more qualifying it in an AND, of which I don't think is that bad. (i.e match me all subjects that have weight = 100 with subject-category = access-subject, and role = doctor. Indexing can still prevail. -Polar > I think I need more time to make up my mind about your proposal. > Simon > > ----- Original Message ----- > From: "Polar Humenn" <polar@syr.edu> > To: "XACML" <xacml@lists.oasis-open.org> > Sent: Monday, November 04, 2002 2:10 PM > Subject: Re: [xacml] subjects > > > > > > I have a schema for what I was talking about, which is attached. > > > > I've not run any XML tools on it. But perhaps this might give you an idea > > of what I was getting at. > > > > -Polar > > > > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC