OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [xacml] New Functionx for XACML 3.0


Hi Daniel,

Perhaps there's value in defining some to generic way to call XPath 2.0
functions in an XACML policy?  However, I think most of the XPath 2.0
functions already have equivalents in XACML 2.0, so it's probably easier
just to extend the XACML functions to fill in the gaps.

>> I am not sure what an "integer-contains" function would mean.

By <type> in my original email I mean just "string" and "uri".

Regards,
Craig

---------------------------------------------------------------
Craig Forster
Software Engineer
Australia Development Lab - Tivoli Gold Coast
(O) +61 07 5552 4051
http://ausgsa.ibm.com/projects/a/argus/public
---------------------------------------------------------------


                                                                                                                                  
  From:       "Daniel Engovatov" <dengovatov@bea.com>                                                                             
                                                                                                                                  
  To:         Craig Forster/Australia/IBM@IBMAU, "XACML TC" <xacml@lists.oasis-open.org>                                          
                                                                                                                                  
  Date:       10/05/2007 04:53 AM                                                                                                 
                                                                                                                                  
  Subject:    RE: [xacml] New Functionx for XACML 3.0                                                                             
                                                                                                                                  





How about we pick up the string handling functions from XPath 2.0
function library?    That may simplify implementation.
We would need to generalize its semantics to deal with XACML data model,
but the basic functionality (and names) should be similar.

I am not sure what an "integer-contains" function would mean.

Daniel;

-----Original Message-----
From: Craig Forster [mailto:cforster@au1.ibm.com]
Sent: Wednesday, October 03, 2007 9:09 PM
To: XACML TC
Subject: [xacml] New Functionx for XACML 3.0

I'd like to propose a number of new functions for the 3.0 release of
XACML.
The new functions in the current 3.0 draft are predominantly conversion
functions, such as "boolean-to-string".

I think we should take the opportunity to add some string manipulation
functions that have simple mappings to underlying functions in common
programming languages.  For example, "string-starts-with" and
"string-ends-with".  At the moment this functionality can be only
implemented using regular expressions, which is computationally
expensive,
or non-standard functions such as those available in BEA's WebLogic
Server
(http://edocs.bea.com/wls/docs92/secwlres/xacmlref.html#wp1097027).

As a starting point, I'd like to propose the following functions:
 - <type>-starts-with
 - <type>-ends-with
 - <type>-contains
 - <type>-substring
 - string-equal-ignore-case

Where <type> is either string or anyURI.

Regards,
Craig

---------------------------------------------------------------
Craig Forster
Software Engineer
Australia Development Lab - Tivoli Gold Coast
(O) +61 07 5552 4051
---------------------------------------------------------------


Notice:  This email message, together with any attachments, may contain
information  of  BEA Systems,  Inc.,  its subsidiaries  and  affiliated
entities,  that may be confidential,  proprietary,  copyrighted  and/or
legally privileged, and is intended solely for the use of the individual or
entity named in this message. If you are not the intended recipient, and
have received this message in error, please immediately return this by
email and then delete it.




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]