Subject: Re: [xacml] Comments on xacml-profile-hierarchical-resources draft
exactly. so at the risk of sounding obtuse, aren't you just using an existing function to match XPath on <md:PatientName> and <md:Physician> combining the input with an OR function? (which is how i was thinking this would be handled in my previous note).

how does this introduce the 'hierarchical resource' mechanics? or more precisely, how does this affect michiharu's proposal? sorry, but i am missing the connection. this is why i asked the initial question; it seems to me that 'hierarchical resources' are by definition something that needs to be treated iteratively.

thanks
b

Anne Anderson wrote:

> Request:
>   <Subject>subject-id="Anne Anderson"</Subject>
>   <Resource>resource-id="http://www.medco.com/patient-records/Record0001.xml"
>     <ResourceContent>
>       <md:Record>
>         <md:PatientName>Anne Anderson</md:PatientName>
>         <md:Physician>Dr. Doofus</md:Physician>
>         <md:Diagnosis>sick</md:Diagnosis>
>       </md:Record>
>     </ResourceContent>
>   </Resource>
>   <Action>action-id="read"</Action>
>
> <Policy PolicyId="Anne's example" CombiningAlgorithm="whatever">
>   <Target>
>     <Resource MatchId="anyURI-match">
>       <AttributeValue
>           DataType="anyURI">http://www.medco.com/patient-records/Record0001.xml</AttributeValue>
>       <ResourceAttributeDesignator
>           AttributeId="resource-id"
>           DataType="anyURI"/>
>     </Resource>
>   </Target>
>   <Rule Effect="Permit">
>     <Condition FunctionId="or">
>       <Apply FunctionId="string-match">
>         <AttributeSelector
>             RequestContextPath="//Resource/ResourceContent/md:Record/md:PatientName/text()"
>             DataType="string"/>
>         <SubjectAttributeDesignator
>             AttributeId="subject-id"
>             DataType="string"/>
>       </Apply>
>       <Apply FunctionId="string-match">
>         <AttributeSelector
>             RequestContextPath="//Resource/ResourceContent/md:Record/md:Physician/text()"
>             DataType="string"/>
>         <SubjectAttributeDesignator
>             AttributeId="subject-id"
>             DataType="string"/>
>       </Apply>
>       <Apply FunctionId="string-match">
>         <AttributeValue
>             DataType="string">urn:medco:role:Administrator</AttributeValue>
>         <SubjectAttributeDesignator
>             AttributeId="role"
>             DataType="anyURI"/>
>       </Apply>
>     </Condition>
>   </Rule>
> </Policy>
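Added example, not part of the original thread or of any XACML implementation: a Python sketch that evaluates the quoted Condition against the quoted request, so each of the three OR branches can be seen resolving against the single resource in the request context. Assumptions: the `md` namespace URI is a placeholder, `string-match` and `anyURI-match` are modelled as plain equality over bags of values, and a rule whose condition is false yields `NotApplicable`.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:example:md"  # placeholder: the post gives no URI for the md prefix
RECORD_URI = "http://www.medco.com/patient-records/Record0001.xml"
PATIENT = "//Resource/ResourceContent/md:Record/md:PatientName/text()"
PHYSICIAN = "//Resource/ResourceContent/md:Record/md:Physician/text()"

# Constructed request context mirroring the quoted request.
REQUEST_XML = f"""<Request xmlns:md="{MD_NS}">
  <Resource>
    <ResourceContent>
      <md:Record>
        <md:PatientName>Anne Anderson</md:PatientName>
        <md:Physician>Dr. Doofus</md:Physician>
        <md:Diagnosis>sick</md:Diagnosis>
      </md:Record>
    </ResourceContent>
  </Resource>
</Request>"""


def select(root, context_path):
    """AttributeSelector: bag of text values the path selects (empty if none)."""
    # ElementTree supports only an XPath subset: make the path relative, drop text().
    path = "." + context_path.replace("/text()", "")
    return [e.text for e in root.findall(path, {"md": MD_NS}) if e.text]


def string_match(bag_a, bag_b):
    """Assumed semantics: true if any value in one bag equals any value in the other."""
    return any(a == b for a in bag_a for b in bag_b)


def evaluate(request_xml, resource_id, subject):
    """Return (decision, per-branch results) for the quoted policy."""
    if resource_id != RECORD_URI:  # Target: anyURI-match on resource-id (as equality)
        return "NotApplicable", {}
    root = ET.fromstring(request_xml)
    who = subject.get("subject-id", [])
    branches = {
        "patient": string_match(select(root, PATIENT), who),
        "physician": string_match(select(root, PHYSICIAN), who),
        "administrator": string_match(["urn:medco:role:Administrator"],
                                      subject.get("role", [])),
    }
    # Condition FunctionId="or": one true branch satisfies the Permit rule.
    return ("Permit" if any(branches.values()) else "NotApplicable"), branches
```
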