OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml] Text on multi-valued attributes in draft-4


Tim - 
Thanks for the update.

As per paragraph 3 referring to lines 2196-2201, I don't believe that a
change in definition is necessary, I just want to confirm that the intended
schema approach for the StatusDetailType complexType was to specifically NOT
define a content model in  which xacml-context:Attribute is a child element.
Rather, the intention is that <xs:any namespace="##any"...> permits the
inclusion of <xacml-context:Attribute> elements by  the PDP without failing
validation.

Within the SAML TC there has been much discussion over the impact on
validation by some XML processors with processContents="lax" when a NS
qualified element is present.  Is that a consideration here?


Rebekah

On 1/21/04 10:56, "Tim Moses" <tim.moses@entrust.com> wrote:

> Rebekah - Look for resolution of these in WD 05.  I have not tackled your
> question in para 3, below.  The XACML status detail element is modeled on
> the SAML equivalent.  If you want to propose a change to the definition, I
> think it should be raised as a an XACML v2.0 issue.  All the best.  Tim.
> 
> -----Original Message-----
> From: Rebekah Lepro [mailto:rlepro@arc.nasa.gov]
> Sent: Thursday, January 08, 2004 12:02 PM
> To: xacml
> Subject: [xacml] Text on multi-valued attributes in draft-4
> 
> 
> As I mentioned in yesterday's email, I've been attempting to review the use
> of Attribute in the current specification with a fine-tooth comb - hence
> some of my questions from yesterday.  After the call this morning, I thought
> it would be beneficial to post some comments on current text changes (with
> line numbers from oasis-xacml-2_0-core-spec-wd-04.pdf) that I've
> accumulated.
> 
> 
> For clarity on lines 2021-2024, I'd suggest placing meta-data first as well
> as inserting 'one or more': "The <Attribute> element is the central
> abstraction of the request context. It contains attribute meta-data and one
> or more attribute values..."
> 
> 2196-2201:  Why is there no  sequence of xacml-context:Attribute elements
> that are defined as elements in StatusDetailType?  Also, if any
> AttributeValues are listed, is that listing considered complete or simply a
> subset the PDP chooses to return
> 
> Line 2443:  AttributeValue is not a URI, but the way the section on
> extensibility reads, it seems as though it should be.
> 
> Finally,
> 
> I didn't see text that outlines that
> <Attribute attributeid="XX" datatype="YY">
> <AttributeValue>1</AttributeValue>
> <AttributeValue>2</AttributeValue>
> </Attribute> 
> is a syntactic shortcut for representing:
> <Attribute attributeid="XX" datatype="YY">
> <AttributeValue>1</AttributeValue>
> </Attribute>
> <Attribute attributeid="XX" datatype="YY">
> <AttributeValue>2</AttributeValue>
> </Attribute> with
> 
>> From my notes from the last face to face, clarifying this point in the
> specification seemed important.  I was looking for text along the lines of:
> 
> "If a single <Attribute> element in a request context contains multiple
> <AttributeValue> child elements, the bag of values resultant from evaluation
> must be equivalent to an evaluation of a context in which each
> <AttributeValue> element appears within separate <Attribute> elements that
> carry identical meta-data."
> 
> 
> I was assuming this text should go with the section that outlines the
> functional requirements on context evaluation to return a single bag
> containing all the matching values from the <AttributeValue> elements that
> are matched to a named attribute or selected by an AttributeSelector.
> 
> 
> Rebekah
> 
> 
> To unsubscribe from this mailing list (and be removed from the roster of the
> OASIS TC), go to
> http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.p
> hp.
> 
> To unsubscribe from this mailing list (and be removed from the roster of the
> OASIS TC), go to 
> 
http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php>
.
> 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]