[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml] XACML Profile for Hierarchical Resources, WD 8
Couple comments 1. For the non XML hierarchy, we either need to add to the definition of the resource-ancestor, that it does include the resource-id of the resource itself. It is important for the use case of policies applicable to a resource itself and all its children: so you do not need to write two rules. OR (probably preferably, as it fits along with XQuery/XPath axes definitions): add definition for urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self "For each ancestor of the node specified in the "resource-id" attribute or attributes, and for each normative representation of that ancestor node, an <Attribute> element with AttributeId "urn:oasis::names:tc:xacml:2.0:resource:resource-ancestor-or-self". The <AttributeValue> of this <Attribute> SHALL be the result of applying urn:oasis:names:tc:xacml:1.0:function:type-union function to the contents of "resource-id" and "resource-ancestor" attributes, where the "type" is selected according to the used datatype of those attributes." 2. We need to mention in the definition of "resource-ancestor", that it can not be guaranteed to be computed by recursively combining "resource-parent" values. Parent of a parent is not necessarily defined as an ancestor in our case (this is to avoid circular reference and other problems). That may seem odd, but we should not impose unnecessary requirements on the structure. Daniel; -----Original Message----- From: Anne Anderson [mailto:Anne.Anderson@Sun.COM] Sent: Tuesday, September 14, 2004 10:29 AM To: XACML TC Subject: [xacml] XACML Profile for Hierarchical Resources, WD 8 Colleagues, I have entered a new draft of the Profile for Hierarchical Resources into the repository. The link on our TC web page now points to it. The changes since the previous draft are: In response to Michiharu's comment in http://lists.oasis-open.org/archives/xacml/200409/msg00002.html - Add clarifying paragraph to the introduction explaining that a hierarchical resource may be "represented" as an XML document even if it physically is not an XML document; likewise, an XML document resource may be "represented" as a non-XML hierarchy. - Change all instances of "XML document resource" to "a resource represented as an XML document" (the exact wording varies depending on the context) I also re-inserted the definition of xpath-expression DataType, since it is no longer in the XACML core spec. Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692 To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgro up.php.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]