OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] Condition and FunctionId attribute

On Mon, May 19, 2008 at 08:24:39PM +0200, Erik Rissanen wrote:
> Personally I think it is clear. Section 5.34 in the 2.0 specification 
> document states:
> The <Condition> contains one <Expression> element, with the restriction that 
> the
> <Expression> return data-type MUST be 
> “http://www.w3.org/2001/XMLSchema#boolean”.
> Evaluation of the <Condition> element is described in Section 7.8.

Yup, I agree that this makes it pretty explicit.

> It is clear from this text that it has to be a boolean. One part that is 
> perhaps unclear is what should happen if it is not a boolean. My 
> interpretation of this text is that the PDP should refuse to even load a 
> policy which does not follow this restriction, but I am not sure if 
> everybody would agree.

That's how I've also interpreted this case. The MUST above makes it pretty
clear, at least in my mind, that the policy is invalid if this restriction
is not met. What a given PDP implementation chooses to do with an invalid
policy is somewhat open to interpretation, but I think that's a more general
issue than something specific to this case. I'm with Erik in that I don't
think this requires changes to the spec.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]