[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Updating XACML 2.0 conformance tests to meet errata
Hi Rich, I agree with the first change, but not the second. For the "xpath-node-equal" function, the order should be irrelevant. If any of the nodes in the set returned by the first argument match any of the nodes returned in the second set then the function is true; the "any of" condition is for both sets. For the "xpath-node-match" function, the order is important as we're checking equality for the nodes in the first set AND any of their children. The description given in the spec indicates that the first set is the "big" set, and we want to see if any of the individual nodes returned in the second set match ANY of the nodes in the first set including children. These semantics appear to be followed by the conformance tests, so I'm not sure what change would be made? Take test IIIG005: <Condition> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:xpath-node-match"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string"> //*[local-name()='Resource'][namespace-uri()='urn:oasis:names:tc:xacml:2.0:context:schema:os'] </AttributeValue> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string"> //*[local-name()='Subject'][namespace-uri()='urn:oasis:names:tc:xacml:2.0:context:schema:os']/*[local-name()='Attribute'][namespace-uri()='urn:oasis:names:tc:xacml:2.0:context:schema:os'] </AttributeValue> </Apply> </Condition> From my reading, this is stating that if any of the <Attribute> elements in the <Subject> (the second statement) are equal to the <Resource> element(s) or any of it's children (the first statement) then return true. This is not true for the request given, so the expected result is NotApplicable. If my understanding is right, then the specification and the conformance tests are in alignment and no change needs to be made. Regards, Craig --------------------------------------------------------------- Craig Forster Software Engineer IBM Australia Development Labs Argus == https://w3.webahead.ibm.com/w3ki/display/commonauthz/Home Blog == http://blogs.tap.ibm.com/weblogs/craigforster/ --------------------------------------------------------------- From: "Rich.Levinson" <rich.levinson@oracle.com> To: Craig Forster/Australia/IBM@IBMAU Cc: XACML TC <xacml@lists.oasis-open.org> Date: 02/05/2008 12:23 Subject: Re: [xacml] Updating XACML 2.0 conformance tests to meet errata Hi Craig, Since you are looking at the conformance tests, I was wondering if you could check out this request that came in the comments list - see attached email. The first suggestion looks like a simple errata fix, but I looked at the 2nd and it has to do with the order of the arguments. It wasn't clear to me that the order was wrong (i.e. the writer says that first and second should be switched in core spec based on what he sees in conf tests.) In any event, only suggesting if you have time and are already familiar with the tests the writer is referring to, i.e. quick check if writer is correct and core spec needs errata, and if so we can submit as issue to handle by editors. Thanks, Rich Craig Forster wrote: Hi all, I've gone ahead and updated the conformance tests for the dayTimeDuration and yearMonthDuration DataType changes ONLY. The attached .ziparchive file includes only the files that have changed. (See attached file: conformance-updates.ziparchive) Here is a list of the changed files: conformance/policy/IIC102Policy.xml conformance/policy/IIC103Policy.xml conformance/policy/IIC104Policy.xml conformance/policy/IIC105Policy.xml conformance/policy/IIC106Policy.xml conformance/policy/IIC107Policy.xml conformance/policy/IIC150Policy.xml conformance/policy/IIC151Policy.xml conformance/policy/IIC152Policy.xml conformance/policy/IIC153Policy.xml conformance/policy/IIC154Policy.xml conformance/policy/IIC155Policy.xml conformance/policy/IIC156Policy.xml conformance/policy/IIC157Policy.xml conformance/policy/IIC231Policy.xml conformance/policy/IIC232Policy.xml conformance/request/IIC150Request.xml conformance/request/IIC151Request.xml conformance/request/IIC152Request.xml conformance/request/IIC153Request.xml conformance/request/IIC154Request.xml conformance/request/IIC155Request.xml conformance/request/IIC156Request.xml conformance/request/IIC157Request.xml conformance/request/IIC231Request.xml conformance/request/IIC232Request.xml Regards, Craig --------------------------------------------------------------- Craig Forster Software Engineer IBM Australia Development Labs Argus == https://w3.webahead.ibm.com/w3ki/display/commonauthz/Home Blog == http://blogs.tap.ibm.com/weblogs/craigforster/ --------------------------------------------------------------- From: Craig Forster/Australia/IBM@IBMAU To: XACML TC <xacml@lists.oasis-open.org> Date: 01/05/2008 09:58 Subject: [xacml] Updating XACML 2.0 conformance tests to meet errata Hi all, Are there any plans to update the XACML 2.0 conformance test suite to meet the errata? The primary issue that I'm seeing is the change of the dayTimeDuration and yearMonthDuration DataType URIs, for example from "http://www.w3.org/TR/2002/WD-xquery-operators-20020816#dayTimeDuration" to "urn:oasis:names:tc:xacml:2.0:data-type:dayTimeDuration". These URI changes cause 16 of the conformance tests to fail. If the TC approves, I'm more than happy to update the conformance tests myself. Regards, Craig --------------------------------------------------------------- Craig Forster Software Engineer IBM Australia Development Labs Argus == https://w3.webahead.ibm.com/w3ki/display/commonauthz/Home Blog == http://blogs.tap.ibm.com/weblogs/craigforster/ --------------------------------------------------------------- --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. You may a link to this group and all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. You may a link to this group and all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php ----- Message from Oleg Gryb <oleg_gryb@yahoo.com> on Sun, 27 Apr 2008 23:04:48 -0700 (PDT) ----- To: xacml-comment@lists.oasis-open.org Subject: [xacml-comment] XACML 2.0: Discrepancies Please take a look, I think it needs to be fixed in errata ... 1.Page 70: “urn:oasis:names:tc:xacml:2.0:resource:resource-id” Everywhere else the URI for resource-id is: urn:oasis:names:tc:xacml:1.0:resource:resource-id 2. Please also check the definitions of xpath-node-equal and xpath-node-match functions at page 126. I got an impression from examples and conformance tests that the "first" and "second" arguments are swithced. The correct description for xpath-node-equal: This function SHALL take two “http://www.w3.org/2001/XMLSchema#string” arguments, which SHALL be interpreted as XPath expressions, and SHALL return an “http://www.w3.org/2001/XMLSchema#boolean”. The function SHALL return "True" if any of the XML nodes in the node-set matched by the SECOND argument equals, according to the “op:node-equal” function [XF Section 13.1.6], any of the XML nodes in the node-set matched by the FIRST argument. ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ -- This publicly archived list offers a means to provide input to the OASIS eXtensible Access Control Markup Language (XACML) TC. In order to verify user consent to the Feedback License terms and to minimize spam in the list archive, subscription is required before posting. Subscribe: xacml-comment-subscribe@lists.oasis-open.org Unsubscribe: xacml-comment-unsubscribe@lists.oasis-open.org List help: xacml-comment-help@lists.oasis-open.org List archive: http://lists.oasis-open.org/archives/xacml-comment/ Feedback License: http://www.oasis-open.org/who/ipr/feedback_license.pdf List Guidelines: http://www.oasis-open.org/maillists/guidelines.php Committee: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]