OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: AttributeAssignment clarification



[I think I checked on this a while back, but now I can't find the
message, so I'm checking again.]

The AttributeAssignment tag in Obligation extends AttributeValue. This
means that it's legal to say

  <AttributeAssignment DataType="...:integer"
                       AttributeId="foo">42</AttributeAssignment>

and

  <AttributeAssignment DataType="...:string" AttributeId="foo">
    <AttributeValue DataType="...:string">hi</AttributeValue>
  </AttributeAssignment>

Now, a PDP isn't supposed to understand the meaning of the contents of
the assignment, but because the assignment _is_ an AttributeValue, the
contents must be able to be parsed and handled as any other value. So, I
believe that the first form I gave above is correct if you want to
specify a simple value in an assignment, while the second form should
only be used if you're specifying complex content for the PEP to
process. Does that sound right to everyone?

In other words, the DataType XML attribute in AttributeAssignment
defines the type of the value inside the AttributeAssignment tags,
exactly as AttributeValue is defined. If you want to then use complex
content, like AttributeValue, SubjectAttributeDesignator, or anything
else, then that's fine as long as it's legal by the assignment's
DataType. By this reasoning, this

  <AttributeAssignment DataType="...:integer" AttributeId="foo">
    <AttributeValue DataType="...:integer">42</AttributeValue>
  </AttributeAssignment>

is _illegal_ because the contents of the AttributeAssignment cannot be
interpreted as an integer.


seth



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]