[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Need regexp-uri-match function. Forwarded message firstname.lastname@example.org.
--- Begin Message ---
- From: email@example.com
- To: Anne.Anderson@Sun.COM
- Date: Fri, 30 Jul 2004 11:14:08 -0700 (PDT)post away; i don't have access to my company mai lthis week and have the xacml stuff forwarded to my personal account. the best place to find escaped chars will be one of the URx RFCs. i suspect that any of them will reference the use of character set expansion. b > On 30 July, firstname.lastname@example.org writes: Re: [xacml] Need regexp-uri-match > function > > From: email@example.com > > To: Anne.Anderson@Sun.COM > > Subject: Re: [xacml] Need regexp-uri-match function > > Date: Fri, 30 Jul 2004 05:13:27 -0700 (PDT) > > > > seems reasonable to me. we may want to make a comment that it be > converted > > to #string when compared. i don't think there are any constraints on > > #string that are not there for URI, but you never know...actually, now > > that i think of it we might want to suggest that the uri be normalized > > (replace '%20' with ' ', etc.) to ease comparison, but that is easily > done > > programaitcally. > > There is a set of normalizations for URIs specified in the > Hierarchical Resources Profile - the section on identity > representation for non-XML resources. I did not include '%20' > etc. replacements there, but I should. Do you have any reference > for a list of such "special characters" used in URIs? > > Anyway, if we can come up with a good list, we could use it both > places. > > OK if I post this to the list? > > Anne > > other than that, it works for me... > > > > > > b > > > > > If we are going to use our existing "regexp-string-match" > > > function to compare URIs, that means the DataType of the > > > Attribute whose value is a URI must be "#string". > > > > > > This means you can't mix constraints that use the existing > > > "#anyURI-equal" function with constraints that use the > > > "regexp-string-match" matching on the same "URI" AttributeValue. > > > I think this means we do away with the "#anyURI" DataType, and > > > would have to express all URIs as "#string". Otherwise, the > > > Request may ask for a resource using "#anyURI", while the policy > > > constrains the resource using "regexp-string-match", or vice > > > versa. > > > > > > It also means you can't have two values for the same Attribute, > > > one that is a URI and the other that is a string, and be able to > > > distinguish them by DataType. > > > > > > I think all these are bad. > > > > > > I suggest we create a new function called > > > "urn:oasis:names:tc:xacml:2.0:function:regexp-uri-match" that > > > takes two arguments. The first argument SHALL be DataType > > > "#string" and SHALL contain a regular expression. The second > > > argument SHALL be DataType "#anyURI" and SHALL specify a URI > > > value to be matched. > > > > > > The implementation of the function can be the same as the > > > implementation of "regexp-string-match", just that the second > > > argument value is treated as a string even though its DataType is > > > "#anyURI". > > > > > > Anne > > > -- > > > Anne H. Anderson Email: Anne.Anderson@Sun.COM > > > Sun Microsystems Laboratories > > > 1 Network Drive,UBUR02-311 Tel: 781/442-0928 > > > Burlington, MA 01803-0902 USA Fax: 781/442-1692 > > > > > > > > > To unsubscribe from this mailing list (and be removed from the roster > of > > > the OASIS TC), go to > > > http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php. > > > > > > > -- > Anne H. Anderson Email: Anne.Anderson@Sun.COM > Sun Microsystems Laboratories > 1 Network Drive,UBUR02-311 Tel: 781/442-0928 > Burlington, MA 01803-0902 USA Fax: 781/442-1692 >--- End Message ---
-- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692