[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] URI-match function ... default ports
good question! the proposal that we are condisidering separates the host from its resouce (with the port information being a resource component). semantically this requires port information be considered in the matching expression so http://www.acme.com/bakery does not match http://www.acme.com:80/bakery unless the resource aspect of the matching expression explicitly allows it, for example something like this: <Resource ...> <AttributeValue>http://www.acme.com</AttributeValue> <...> <AttributeValue>(:80)?\/bakery</AttributeValue> that said, the context handler could (and probaly should) explictly state the port used for the access request. of course for this to work it implies that policy writers either know their IANA port numbering (ahem) or the human interface performs the mapping and policy validation process enforce same... all of which are like to be catergorized as implementational considerations and are therefore out of the scope of the spec (making me think that this topic is driving us to a profile to do this right). b Gene Thurston wrote: > Good morning, all. > > I have been following the discussion about the URI-match function and > was wondering if anyone has given any thought to the "default > ports/schemes" issue. For instance, would you consider the following > two URIs to be "equal", or to "match"? > > http://www.acme.com/bakery > http://www.acme.com:80/bakery > > Since port 80 is the default port for the "http" scheme, it seems to me > that these should, in fact, "match". Likewise, port 443 is the default > for "https", 21 is default for "ftp", etc. I haven't seen any > discussion of this on the group, and wanted to see what folks think. > > Thanks, > > Gene Thurston > AmberPoint, Inc.