[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml] New Functionx for XACML 3.0
Hi Daniel, Perhaps there's value in defining some to generic way to call XPath 2.0 functions in an XACML policy? However, I think most of the XPath 2.0 functions already have equivalents in XACML 2.0, so it's probably easier just to extend the XACML functions to fill in the gaps. >> I am not sure what an "integer-contains" function would mean. By <type> in my original email I mean just "string" and "uri". Regards, Craig --------------------------------------------------------------- Craig Forster Software Engineer Australia Development Lab - Tivoli Gold Coast (O) +61 07 5552 4051 http://ausgsa.ibm.com/projects/a/argus/public --------------------------------------------------------------- From: "Daniel Engovatov" <dengovatov@bea.com> To: Craig Forster/Australia/IBM@IBMAU, "XACML TC" <xacml@lists.oasis-open.org> Date: 10/05/2007 04:53 AM Subject: RE: [xacml] New Functionx for XACML 3.0 How about we pick up the string handling functions from XPath 2.0 function library? That may simplify implementation. We would need to generalize its semantics to deal with XACML data model, but the basic functionality (and names) should be similar. I am not sure what an "integer-contains" function would mean. Daniel; -----Original Message----- From: Craig Forster [mailto:cforster@au1.ibm.com] Sent: Wednesday, October 03, 2007 9:09 PM To: XACML TC Subject: [xacml] New Functionx for XACML 3.0 I'd like to propose a number of new functions for the 3.0 release of XACML. The new functions in the current 3.0 draft are predominantly conversion functions, such as "boolean-to-string". I think we should take the opportunity to add some string manipulation functions that have simple mappings to underlying functions in common programming languages. For example, "string-starts-with" and "string-ends-with". At the moment this functionality can be only implemented using regular expressions, which is computationally expensive, or non-standard functions such as those available in BEA's WebLogic Server (http://edocs.bea.com/wls/docs92/secwlres/xacmlref.html#wp1097027). As a starting point, I'd like to propose the following functions: - <type>-starts-with - <type>-ends-with - <type>-contains - <type>-substring - string-equal-ignore-case Where <type> is either string or anyURI. Regards, Craig --------------------------------------------------------------- Craig Forster Software Engineer Australia Development Lab - Tivoli Gold Coast (O) +61 07 5552 4051 --------------------------------------------------------------- Notice: This email message, together with any attachments, may contain information of BEA Systems, Inc., its subsidiaries and affiliated entities, that may be confidential, proprietary, copyrighted and/or legally privileged, and is intended solely for the use of the individual or entity named in this message. If you are not the intended recipient, and have received this message in error, please immediately return this by email and then delete it.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]