Subject: RE: [xacml] Need regexp-uri-match function
Anne - This sounds like a good idea. Presumably, we need the same for regex-dnsName-match and regex-ipaddress-match. All the best. Tim. -----Original Message----- From: Anne Anderson [mailto:Anne.Anderson@Sun.COM] Sent: Thursday, July 29, 2004 2:28 PM To: XACML TC Subject: [xacml] Need regexp-uri-match function If we are going to use our existing "regexp-string-match" function to compare URIs, that means the DataType of the Attribute whose value is a URI must be "#string". This means you can't mix constraints that use the existing "#anyURI-equal" function with constraints that use the "regexp-string-match" matching on the same "URI" AttributeValue. I think this means we do away with the "#anyURI" DataType, and would have to express all URIs as "#string". Otherwise, the Request may ask for a resource using "#anyURI", while the policy constrains the resource using "regexp-string-match", or vice versa. It also means you can't have two values for the same Attribute, one that is a URI and the other that is a string, and be able to distinguish them by DataType. I think all these are bad. I suggest we create a new function called "urn:oasis:names:tc:xacml:2.0:function:regexp-uri-match" that takes two arguments. The first argument SHALL be DataType "#string" and SHALL contain a regular expression. The second argument SHALL be DataType "#anyURI" and SHALL specify a URI value to be matched. The implementation of the function can be the same as the implementation of "regexp-string-match", just that the second argument value is treated as a string even though its DataType is "#anyURI". Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692 To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.p hp.