[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Issue 40: <ResourceContent> element
All, I’ve been editing the 3.0 core and I have found a small problem with the proposal Daniel made for the ResourceContent element. See issue 40 on the issues list. If I understand the proposal correctly, the <ResourceContent> element which used to be in the <Resource> element of the request context is replaced with a number of <Content> elements directly in the <Request> element. This is not quite backwards compatible with 2.0 and the multiple resources profile. The multiple resources profile allows multiple <Resource> elements, which may contain <ResourceContent> elements: <Request> ... <Resource> ... <ResourceContent>...</ResourceContent> </Resource> <Resource> ... <ResourceContent>...</ResourceContent> </Resource> ... </Request> If we follow the current proposal, this becomes: <Request> ... <Attributes Category=”...:resource> ... </Resource> <Attributes Category=”...:resource> ... </Resource> ... <Content>...</Content> <Content>...</Content> </Request> and the connections to the specific resources are lost. Instead I suggest that we place the <Content> element inside the <Attributes> element: <Request> ... <Attributes Category=”...:resource> ... <Content>...</Content> </Resource> <Attributes Category=”...:resource> ... <Content>...</Content> </Resource> ... </Request> In this case it is simpler to provide backwards compatibility. BTW, talking about backwards compatibility of attribute selectors, translating 2.0 policies into 3.0 means rewriting the xpath expressions in attribute selectors since the <Resource> element is now called <Attributes>. Are there any concerns about this? For simple expressions it is obvious how to do it, but what about in general? Another minor issue is that the schema which Daniel wrote earlier does not allow anyAttribute on the Content element, which the old one did. This could be a problem with backwards compatibility, so I suggest we allow that. Finally, I think the examples in the 2.0 spec are wrong. On page 31, line a217 the xpath expression looks like “//xacml-context:Resource/….” while it on page 34, line a290 looks like “//md:record/…”. As far as I can tell, the latter is wrong. Right? Best regards, Erik
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]