OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] URI-match function ... default ports

good question! the proposal that we are condisidering separates the host from 
its resouce (with the port information being a resource component). semantically 
this requires port information be considered in the matching expression so


does not match


unless the resource aspect of the matching expression explicitly allows it, for 
example something like this:

   <Resource ...>

that said, the context handler could (and probaly should) explictly state the 
port used for the access request.  of course for this to work it implies that 
policy writers either know their IANA port numbering (ahem) or the human 
interface performs the mapping and policy validation process enforce same... all 
of which are like to be catergorized as implementational considerations and are 
therefore out of the scope of the spec (making me think that this topic is 
driving us to a profile to do this right).


Gene Thurston wrote:

> Good morning, all.
> I have been following the discussion about the URI-match function and
> was wondering if anyone has given any thought to the "default
> ports/schemes" issue.  For instance, would you consider the following
> two URIs to be "equal", or to "match"?
> 	http://www.acme.com/bakery
> 	http://www.acme.com:80/bakery
> Since port 80 is the default port for the "http" scheme, it seems to me
> that these should, in fact, "match".  Likewise, port 443 is the default
> for "https", 21 is default for "ftp", etc.  I haven't seen any
> discussion of this on the group, and wanted to see what folks think.
> Thanks,
> Gene Thurston
> AmberPoint, Inc.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]