Subject: Proposal for XACML 2.0 Work Item #62: "concatenate" functions
Proposal for XACML 2.0 Work Item #62: "concatenate" functions

Contents
========
Problem statement
Solution overview
Proposed Functions

Problem statement
=================
One use case supplied by Daniel and described as "very common" follows:

Policies may apply to resources whose identities are subject-specific instances of a given resource class. For example, each subject may have a unique home directory, but each subject will have a subdirectory named "private" in that home directory. The policy writer wants to allow subjects to access only their own "private" sub-directories.

Solution overview
=================
The proposed solution provides functions for concatenating AttributeValue values.

As an example of using such a function, a policy might construct the resource to be protected by taking a PEP-supplied Subject Attribute for the "home directory" value with "/private". Even more generally, the policy might construct the directory path to be protected from the user's subject-id by concatenating "/home/", the subject-id, and "/private".

Note that concatenation is not meaningful for all XACML data types. The two functions proposed below have clear applications and should be included in XACML 2.0. There may be other concatenation functions that should be defined in the future.

Proposed Functions
==================
A. urn:oasis:names:tc:xacml:2.0:function:string-concatenate

   This function SHALL take two or more arguments of data-type "http://www.w3.org/2001/XMLSchema#string" and SHALL return a "http://www.w3.org/2001/XMLSchema#string". The result SHALL be the concatenation, in order, of the arguments.

B. urn:oasis:names:tc:xacml:2.0:function:url-string-concatenate

   This function SHALL take one argument of data-type "http://www.w3.org/2001/XMLSchema#anyURI" and one or more arguments of type "http://www.w3.org/2001/XMLSchema#string", and SHALL return a "http://www.w3.org/2001/XMLSchema#anyURI". The result SHALL be the URI constructed by appending, in order, the "string" arguments to the "anyURI" argument.

Anne
--
Anne H. Anderson               Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
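
Added example (not part of the original message or of the XACML specification): a Python model of the two proposed functions and of the home-directory use case they are meant to serve. The AttributeValue class, the Indeterminate exception and may_access_private_dir are hypothetical names, and treating a signature violation as an evaluation error is an assumption.

```python
from dataclasses import dataclass

XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
XS_ANYURI = "http://www.w3.org/2001/XMLSchema#anyURI"

@dataclass(frozen=True)
class AttributeValue:
    """Minimal stand-in for an XACML AttributeValue: data-type URI plus lexical value."""
    data_type: str
    value: str

class Indeterminate(Exception):
    """Arguments break the function signature (assumption: modelled as an evaluation error)."""

def _require(args, index, data_type):
    if args[index].data_type != data_type:
        raise Indeterminate(f"argument {index + 1} must be {data_type}")

def string_concatenate(*args):
    # Function A: two or more xs:string arguments, joined in order.
    if len(args) < 2:
        raise Indeterminate("string-concatenate needs two or more arguments")
    for i in range(len(args)):
        _require(args, i, XS_STRING)
    return AttributeValue(XS_STRING, "".join(a.value for a in args))

def url_string_concatenate(*args):
    # Function B: one xs:anyURI followed by one or more xs:string arguments.
    if len(args) < 2:
        raise Indeterminate("url-string-concatenate needs an anyURI and a string")
    _require(args, 0, XS_ANYURI)
    for i in range(1, len(args)):
        _require(args, i, XS_STRING)
    return AttributeValue(XS_ANYURI, "".join(a.value for a in args))

def may_access_private_dir(subject_id, resource_id):
    # The use case: permit only when the requested resource equals
    # "/home/" + subject-id + "/private", compared as exact strings.
    expected = string_concatenate(
        AttributeValue(XS_STRING, "/home/"),
        AttributeValue(XS_STRING, subject_id),
        AttributeValue(XS_STRING, "/private"),
    )
    return AttributeValue(XS_STRING, resource_id) == expected
```

Concatenation here is purely textual and the comparison is an exact string match, so the resource identifier supplied by the PEP has to be in the same form the policy constructs.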