OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml] Need regexp-uri-match function

Anne - This sounds like a good idea.  Presumably, we need the same for
regex-dnsName-match and regex-ipaddress-match.

All the best.  Tim.

-----Original Message-----
From: Anne Anderson [mailto:Anne.Anderson@Sun.COM] 
Sent: Thursday, July 29, 2004 2:28 PM
To: XACML TC
Subject: [xacml] Need regexp-uri-match function


If we are going to use our existing "regexp-string-match" function to
compare URIs, that means the DataType of the Attribute whose value is a URI
must be "#string".

This means you can't mix constraints that use the existing "#anyURI-equal"
function with constraints that use the "regexp-string-match" matching on the
same "URI" AttributeValue. I think this means we do away with the "#anyURI"
DataType, and would have to express all URIs as "#string".  Otherwise, the
Request may ask for a resource using "#anyURI", while the policy constrains
the resource using "regexp-string-match", or vice versa.

It also means you can't have two values for the same Attribute, one that is
a URI and the other that is a string, and be able to distinguish them by
DataType. 

I think all these are bad.

I suggest we create a new function called
"urn:oasis:names:tc:xacml:2.0:function:regexp-uri-match" that takes two
arguments.  The first argument SHALL be DataType "#string" and SHALL contain
a regular expression.  The second argument SHALL be DataType "#anyURI" and
SHALL specify a URI value to be matched.

The implementation of the function can be the same as the implementation of
"regexp-string-match", just that the second argument value is treated as a
string even though its DataType is "#anyURI".

Anne
-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692


To unsubscribe from this mailing list (and be removed from the roster of the
OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.p
hp.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]