xacml message


Subject: Questions on Attributes in Specification


Happy Belated Holidays all...

I'm working through my notes on "current usage of attributes within the
XACML" specification to propose wording changes as per my work item.  I have
several questions that I'd like to pose to the committee to ensure my
understanding of specification details before I complete my task.  I've
outlined these questions (and relevant line numbers below).

Thank you for the insight!

Rebekah

----

1)  ResourceAttributeDesignator (lines 2318 - 2327),
ActionAttributeDesignator (2343 - 2352) and EnvironmentAttributeDesignator
(lines 2369 - 2378) all refer to "a bag containing all the (resource,
action, environment) attribute values that are matched by the named
(resource, action, environment) attribute."

a)  I presume this text corresponds to the description of the returned bag
for an AttributeSelector as described in lines 2448 - 2454?

b)  In the section for SubjectAttributeDesignator (lines 2268 - 2310), there
is no mention of a bag returned containing the values even for a categorized
subject.  Does this imply a different processing requirement for
SubjectAttributeDesignators?

2)  Can an element be defined directly with the type AttributeDesignatorType
or was the intention that this complex type definition serve only as the
root of a type hierarchy?

3)  Lines 2445 - 2454 define processing rules that relate to the
MustBePresent attribute of an AttributeSelector, including the required
status code.  No such constraint on the required status code is listed in
lines 2264 - 2266 for AttributeDesignators.  Should there be mandatory status
codes specified?

4)  Line 2707 indicates that the data type of the AttributeValue MAY be
specified by using the DataType attribute of the parent Attribute element.
However, line 2683 indicates that the DataType xml attribute of an Attribute
element is mandatory.  Is this a contradiction?

5)  AttributeValueType.  Lines 2456 - 2469 indicate that a DataType URI is a
required xml attribute for the complex type in the xacml namespace.
Lines 2696 - 2708 do not define such a required xml attribute for
the AttributeValueType in the xacml-context namespace.  Lines 3448 - 2469 of
the Appendix state that an XACML <AttributeValue> element MAY contain an
instance of a structured XML data type.  Lines 3524 - 3525 say "The
<AttributeValue> element SHALL represent an explicit value of a primitive
type."  The example shows the use of an Attribute value element as the child
of the <Apply> element.  Lines 3534 - 3535 state "The
<AttributeDesignator> and <AttributeSelector> elements SHALL evaluate to a
bag of a specific primitive type."  Do these different characterizations
contradict?

6)  Is it reasonable to state that a named attribute appears in the context
of Policy syntax but not Context syntax?

7)  Is the string equality requirement listed on line 2999 the string
equality function defined at line 3643?


