xacml message

Subject: conformance tests, datatype in attribute value elements of Request.xml files to be removed

From: Argyn <jawabean@gmail.com>
To: xacml@lists.oasis-open.org
Date: Tue, 20 Sep 2005 12:54:57 -0400

Hello,

Summary: I think that I'm going to remove DataType attributes in Request.xml files from conformance tests. They pass schema validation, because schema allows them. However, they can potentially create confusion if the data types do not match between Attribute and its children AttributeValue elements.
Also, the spec document defines that types should be in the parent Attribute element.

Explanation:

in some conformance tests, we have datatype attribute in AttributeValue elemnts. The xacml 2.0 schema doesn't specify exactly what should be in AttributeValue elements:
========
    <xs:complexType name="AttributeValueType" mixed="true">
        <xs:sequence>
            <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
        </xs:sequence>
        <xs:anyAttribute namespace="##any" processContents="lax"/>
    </xs:complexType>
========

However, the current spec document has this in chapter 6.8:
=============
3043 The data-type of the <xacml-context:AttributeValue> SHALL be specified by using the
3044 DataType attribute of the parent <Attribute> element.
=============

Here's an example conformance test, look at the duration attribute values:

========== IIC154Request.xml
<?xml version="1.0" encoding="UTF-8"?>
<Request
      xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
        urn:oasis:names:tc:xacml:2.0:context:schema:os.xsd">
    <Subject>
        <Attribute
              AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
              DataType="http://www.w3.org/2001/XMLSchema#string">
            <AttributeValue>Julius Hibbert</AttributeValue>
        </Attribute>
        <Attribute
              AttributeId="urn:oasis:names:tc:xacml:1.0:conformance-test:test-attr"
              DataType="http://www.w3.org/TR/2002/WD-xquery-operators-20020816#yearMonthDuration">
            <AttributeValue
                  DataType="http://www.w3.org/TR/2002/WD-xquery-operators-20020816#yearMonthDuration">-P5Y3M</AttributeValue>
        </Attribute>
    </Subject>
    <Resource>
        <Attribute
              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
              DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <AttributeValue>http://medico.com/record/patient/BartSimpson</AttributeValue>
        </Attribute>
    </Resource>
    <Action>
        <Attribute
              AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
              DataType="http://www.w3.org/2001/XMLSchema#string">
            <AttributeValue>read</AttributeValue>
        </Attribute>
    </Action>
</Request>
==========

thanks,
Argyn

Follow-Ups:
- Re: [xacml] conformance tests, datatype in attribute value elements ofRequest.xml files to be removed
  - From: Seth Proctor <Seth.Proctor@sun.com>

References:
- Issues for next draft?
  - From: Erik Rissanen <mirty@sics.se>
- errata to xacml 2.0 spec?
  - From: Argyn <jawabean@gmail.com>
- Re: [xacml] errata to xacml 2.0 spec?
  - From: Polar Humenn <polar@syr.edu>