OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: [xacml] Section 7.3 re-wording


Colleagues,

The XACML Comments Subcommittee meeting on 11/25/02 proposed a
resolution to Comment#43 via a re-wording of Section 7.3.  This
re-wording is contained in the ACTIONS: section of the comment
below.  We felt the re-wording needed to be posted to this list
and looked at carefully before resolving the comment, however.
Please read this over and post your opinion.

Anne Anderson
=========================================================================
0043. http://lists.oasis-open.org/archives/xacml-comment/200211/msg00080.html
Subject: A comment on Section 7.3
From: Satoshi Hada <SATOSHIH@jp.ibm.com>
Date: Fri, 22 Nov 2002 15:47:49 +0900

Section 7.3 says that
The target value SHALL be "Match" if the subjects, resource and action
specified in the request
context are all present in (i.e., within the scope of) the target.

This sentence is unclear to me because the meaning of "present" is unclear
to me.
Why doesn't Section 7.3 mention MatchId?
I think Section 7.3 should reference A.12, where I can find the detailed
semantics of MatchId.

It seems to me that the term "present" is used in three places (ignoring
the "present" function),
1) Section 3.3.1.1 Rule target
The meaning of "present" used here is also unclear to me, but I can accept
this situation
because Section 3 is non-normative.

2)Section 5.27, 5.28, 5.29 (Resource, Action, Environment Attr Designator)
There is clear definitions of "present" from the attribute designator
perspective.
(I think these definitions have nothing to do with MatchId attributes used
in <Target>)

3)Section 7.3
Is the term "present" used in Section 7.3 the same as the ones defined in
Section 5.27, 5.28, 5.29???

CATEGORY: Unclear.
STATUS: Discussed 11/25/02.  Post proposed change below to the
XACML list for further discussion.
RESPONSE: 
ACTIONS: Change 7.3 Target Evaluation to say

The target value SHALL be "Match" if the subject, resource and
action elements specified in the target all match values in the
request context.  The target value SHALL be "No-match" if the
subject, resource, and action elements specified in the target do
not match values in the request context.  The value of a Match
element where a referenced attribute value can not be obtained
depends on the value of the "MustBePresent" attribute of the
AttributeDesignator.  If the "MustBePresent" attribute is "true",
then the result of the Match element is "Indeterminate" when the
AttributeDesignator value can not be obtained.  If the
"MustBePresent" attribute is "false" or missing, then the result
of the Match element is "False" when the AttributeDesignator
value can not be obtained.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC