Scoped request is only one kind of a request.
Requiring to provide a special “dummy” value in the context
to accommodate for that is a pretty ugly limitation in my opinion, especially
as we do not define in any form what “hierarchical” really means –
leaving the structure of resource outside of specification.
I think that for such requests what “resource”
is should be inferred from the context (which may, or may not contain any
specific attributes) and if any hierarchical relationship is declared in any
form, they should be used.
I would think that a requirement for
strict and unique identification of “resource” and unduly
burdensome and shall not be needed. I will try to propose how it can be
From: Satoshi Hada
Sent: Monday, January 05, 2004
Subject: RE: [xacml] [Issue] How
many resourceIds in request context?
>> It should not be required
think it should be required to clarify how to process a hierarchical resource
and the "scope" attribute.
IBM Tokyo Research Laboratory
RE: [xacml] [Issue] How many resourceIds in
Ouch. This is bad. This
is real bad. I did not notice this sentence. It should not be
required. Will think on what interpretation I can suggest instead.
Also, Section 7.8 says that if the "scope" value is
or omitted, the request SHALL be interpreted to apply to
just the single resource specified by the "resource-id"
I think this description implies that
there must be one and only one "resource-id" attribute
in any request context.