[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] examples in specification
Hi Michiharu. After thinking a little more about this example, I'm now not sure that it is valid. The example specifies string attribute values, but the values are actually XML elements. From my reading of the XMLSchema specification, I'm not sure that it's legal to use XML Elements to specify a string. What do you think about this? Example: <AttributeValue DataType="...string"> <foo>hello</foo> </AttributeValue> seems clearly invalid, since this is mixed content (a Text node that contains only a newline, and then an Element). <AttributeValue DataType="...string"><foo>hello</foo></AttributeValue> is what I'm asking about. Is it valid to use the XML Element here to specify a string value when XMLSchema specifies that a string is a single Text node? seth >>the example implies something about the specification that isn't true >>(ie, that the PDP will interpret the contents of assignments), at least >>as I read the specification. > > > I don't agree that the example in section 4.2.4.3 isn't true. The > obligation described in that rule is "email" with three arguments, an email > address in the medical record referred by a specific XPath, a text string, > and subject id in the request context. These three arguments are not for > PDP but for PEP. PDP does not have to interpret those arguments and the > whole text string below the obligation element is sent back to PEP as a > part of the decision. No interpretation by PDP is not required. Instead, > PEP must understand those parameters but this kind of agreement between PDP > and PEP is already assumed, as described in section 5.35. > > Michiharu > > > > > Seth Proctor > <Seth.Proctor@Sun To: xacml@lists.oasis-open.org > .COM> cc: > Subject: [xacml] examples in specification > 2003/10/22 00:32 > > > > > > > [With everyone at the F2F I don't expect a quick response, but I figured > that if things are getting slow, this will give you something to > discuss <g>] > > I've spent the better part of this morning trying to explain how > Obligations work. The question came up because of the example in section > 4.2.4.3 (Rule 3). In this example, AttributeAssignments contain > AttributeSelectors and AttributeDesignators. While this isn't illegal, > the example implies something about the specification that isn't true > (ie, that the PDP will interpret the contents of assignments), at least > as I read the specification. > > This isn't the first example that has caused confusion. I know all work > items were supposed to be submitted before the F2F, but I would like to > propose that we review & correct all examples before the 2.0 release. I > don't think this is a work item so much as a natural requirement of > releasing a major-version revision of a specification, but I haven't > heard any discussion on the topic. Thoughts? > > > seth > > > To unsubscribe from this mailing list (and be removed from the roster of > the OASIS TC), go to > http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php > . > > > > > To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php. >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]