[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Section 7.3 re-wording
Colleagues, The XACML Comments Subcommittee meeting on 11/25/02 proposed a resolution to Comment#43 via a re-wording of Section 7.3. This re-wording is contained in the ACTIONS: section of the comment below. We felt the re-wording needed to be posted to this list and looked at carefully before resolving the comment, however. Please read this over and post your opinion. Anne Anderson ========================================================================= 0043. http://lists.oasis-open.org/archives/xacml-comment/200211/msg00080.html Subject: A comment on Section 7.3 From: Satoshi Hada <SATOSHIH@jp.ibm.com> Date: Fri, 22 Nov 2002 15:47:49 +0900 Section 7.3 says that The target value SHALL be "Match" if the subjects, resource and action specified in the request context are all present in (i.e., within the scope of) the target. This sentence is unclear to me because the meaning of "present" is unclear to me. Why doesn't Section 7.3 mention MatchId? I think Section 7.3 should reference A.12, where I can find the detailed semantics of MatchId. It seems to me that the term "present" is used in three places (ignoring the "present" function), 1) Section 3.3.1.1 Rule target The meaning of "present" used here is also unclear to me, but I can accept this situation because Section 3 is non-normative. 2)Section 5.27, 5.28, 5.29 (Resource, Action, Environment Attr Designator) There is clear definitions of "present" from the attribute designator perspective. (I think these definitions have nothing to do with MatchId attributes used in <Target>) 3)Section 7.3 Is the term "present" used in Section 7.3 the same as the ones defined in Section 5.27, 5.28, 5.29??? CATEGORY: Unclear. STATUS: Discussed 11/25/02. Post proposed change below to the XACML list for further discussion. RESPONSE: ACTIONS: Change 7.3 Target Evaluation to say The target value SHALL be "Match" if the subject, resource and action elements specified in the target all match values in the request context. The target value SHALL be "No-match" if the subject, resource, and action elements specified in the target do not match values in the request context. The value of a Match element where a referenced attribute value can not be obtained depends on the value of the "MustBePresent" attribute of the AttributeDesignator. If the "MustBePresent" attribute is "true", then the result of the Match element is "Indeterminate" when the AttributeDesignator value can not be obtained. If the "MustBePresent" attribute is "false" or missing, then the result of the Match element is "False" when the AttributeDesignator value can not be obtained.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC