[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] XPath/AttributeSelector question
Thanks for your comments on this issue! A few comments/questions: On Thu, 2004-05-06 at 21:00, Satoshi Hada wrote: > >> the term "context node" this means not only that the > >> Request element is the root of the XPath query, but that the > Request > >> element also provides all namespace information. Is this correct? > > I don't think the term has some implication about how or where we need > to provide namespace-related information, > in particular, where we specify the required PREFIX-to-URI mapping > (But I may be wrong). Ok. Since I didn't see any text elsewhere in the specification about namespace mapping, I wasn't sure if the intent of the term "context node" was to define the mapping or not. Thanks. > Please see the mails with the title "Test cases for Attribute > Selector" for related discussion. > http://lists.oasis-open.org/archives/xacml-comment/200303/maillist.html Right, this raises a similar question to mine, but it doesn't lead to a resolution. Has this issue been discussed in the TC before? Was there concensus on namespace resolution? I think it would be a good idea to make this clearer in 2.0 so there's no ambiguity about namespace handling. > I have two comments on this issue. > > (A) > Personally, I feel the namespace information (xmlns attributes) > required to resolve an XPath expression > should be provided in policies but not in request contexts since > attribute selectors (and XPath expressions) are specified in policies > but not in request contexts. If a policy specifies an XPath expression > (e.g. /md:record) in an attribute selector but > provides no namespace information (no "xmlns:md" attribute), then I > think the policy is ambiguous by itself. That sounds fine to me. The problem I was having is that I don't see anything in the specification that makes this clear. Am I just missing that text? :) If not, I think it would be a good idea to clarify this in XACML 2.0. > (B) > There is no reason why we must use the same namespace prefix to > represent a namespace URI > in policies and request contexts. > Take for example the IIF007 testcase. The policy and request use the > same prefix "md". > However, I believe that it should work even if the policy and reqeust > use two different prefixes: > 1) In IIIF007Policy.xml, replace the prefix "md" with a different one > (e.g. "medical"), but > 2) In IIIF007Request.xml, leave the prefix "md" as it is. > Note that the two prefixes still represent the same URI. > In this case, information required to resolve the "medical" prefix > should be provided in IIIF007Policy.xml > and information required to resolve the "md" prefix should be provided > in IIIF007Request.xml I agree. This makes complete sense, especially given your comment A above. > From my perspective, IIIF002Request.xml does not need to have the > "xmlns:md" attribute since > it does not use the prefix "md" in it (even though IIIF002Policy.xml > uses it). Agreed. seth
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]