[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Text on multi-valued attributes in draft-4
Tim - Thanks for the update. As per paragraph 3 referring to lines 2196-2201, I don't believe that a change in definition is necessary, I just want to confirm that the intended schema approach for the StatusDetailType complexType was to specifically NOT define a content model in which xacml-context:Attribute is a child element. Rather, the intention is that <xs:any namespace="##any"...> permits the inclusion of <xacml-context:Attribute> elements by the PDP without failing validation. Within the SAML TC there has been much discussion over the impact on validation by some XML processors with processContents="lax" when a NS qualified element is present. Is that a consideration here? Rebekah On 1/21/04 10:56, "Tim Moses" <tim.moses@entrust.com> wrote: > Rebekah - Look for resolution of these in WD 05. I have not tackled your > question in para 3, below. The XACML status detail element is modeled on > the SAML equivalent. If you want to propose a change to the definition, I > think it should be raised as a an XACML v2.0 issue. All the best. Tim. > > -----Original Message----- > From: Rebekah Lepro [mailto:rlepro@arc.nasa.gov] > Sent: Thursday, January 08, 2004 12:02 PM > To: xacml > Subject: [xacml] Text on multi-valued attributes in draft-4 > > > As I mentioned in yesterday's email, I've been attempting to review the use > of Attribute in the current specification with a fine-tooth comb - hence > some of my questions from yesterday. After the call this morning, I thought > it would be beneficial to post some comments on current text changes (with > line numbers from oasis-xacml-2_0-core-spec-wd-04.pdf) that I've > accumulated. > > > For clarity on lines 2021-2024, I'd suggest placing meta-data first as well > as inserting 'one or more': "The <Attribute> element is the central > abstraction of the request context. It contains attribute meta-data and one > or more attribute values..." > > 2196-2201: Why is there no sequence of xacml-context:Attribute elements > that are defined as elements in StatusDetailType? Also, if any > AttributeValues are listed, is that listing considered complete or simply a > subset the PDP chooses to return > > Line 2443: AttributeValue is not a URI, but the way the section on > extensibility reads, it seems as though it should be. > > Finally, > > I didn't see text that outlines that > <Attribute attributeid="XX" datatype="YY"> > <AttributeValue>1</AttributeValue> > <AttributeValue>2</AttributeValue> > </Attribute> > is a syntactic shortcut for representing: > <Attribute attributeid="XX" datatype="YY"> > <AttributeValue>1</AttributeValue> > </Attribute> > <Attribute attributeid="XX" datatype="YY"> > <AttributeValue>2</AttributeValue> > </Attribute> with > >> From my notes from the last face to face, clarifying this point in the > specification seemed important. I was looking for text along the lines of: > > "If a single <Attribute> element in a request context contains multiple > <AttributeValue> child elements, the bag of values resultant from evaluation > must be equivalent to an evaluation of a context in which each > <AttributeValue> element appears within separate <Attribute> elements that > carry identical meta-data." > > > I was assuming this text should go with the section that outlines the > functional requirements on context evaluation to return a single bag > containing all the matching values from the <AttributeValue> elements that > are matched to a named attribute or selected by an AttributeSelector. > > > Rebekah > > > To unsubscribe from this mailing list (and be removed from the roster of the > OASIS TC), go to > http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.p > hp. > > To unsubscribe from this mailing list (and be removed from the roster of the > OASIS TC), go to > http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php> . >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]