OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] Issue 88, general xpath functions again

All,

I have not seen any more proposals for new functions, so I propose that 
the following is added to the next core 3.0 working draft:


urn:oasis:names:tc:xacml:2.0:function:string-starts-with

This function SHALL take two arguments of data-type 
"http://www.w3.org/2001/XMLSchema#string"; and SHALL return a 
"http://www.w3.org/2001/XMLSchema#boolean";.  The result SHALL be true if 
the first string begins with the second string, and false otherwise.


urn:oasis:names:tc:xacml:2.0:function:uri-starts-with

This function SHALL take a first argument of data-type  
"http://www.w3.org/2001/XMLSchema#anyURI"; and an a second argument of 
data-type "http://www.w3.org/2001/XMLSchema#string"; and SHALL return a 
"http://www.w3.org/2001/XMLSchema#boolean";.  The result SHALL be true if 
the URI converted to a string begins with the string, and false otherwise.

urn:oasis:names:tc:xacml:2.0:function:string-ends-with

This function SHALL take two arguments of data-type 
"http://www.w3.org/2001/XMLSchema#string"; and SHALL return a 
"http://www.w3.org/2001/XMLSchema#boolean";.  The result SHALL be true if 
the first string ends with the second string, and false otherwise.


urn:oasis:names:tc:xacml:2.0:function:uri-ends-with

This function SHALL take a first argument of data-type  
"http://www.w3.org/2001/XMLSchema#anyURI"; and an a second argument of 
data-type "http://www.w3.org/2001/XMLSchema#string"; and SHALL return a 
"http://www.w3.org/2001/XMLSchema#boolean";.  The result SHALL be true if 
the URI converted to a string ends with the string, and false otherwise.

urn:oasis:names:tc:xacml:2.0:function:string-contains

This function SHALL take two arguments of data-type 
"http://www.w3.org/2001/XMLSchema#string"; and SHALL return a 
"http://www.w3.org/2001/XMLSchema#boolean";.  The result SHALL be true if 
the first string contains the second string, and false otherwise.

urn:oasis:names:tc:xacml:2.0:function:uri-contains

This function SHALL take a first argument of data-type  
"http://www.w3.org/2001/XMLSchema#anyURI"; and an a second argument of 
data-type "http://www.w3.org/2001/XMLSchema#string"; and SHALL return a 
"http://www.w3.org/2001/XMLSchema#boolean";.  The result SHALL be true if 
the URI converted to a string contains the string, and false otherwise.

urn:oasis:names:tc:xacml:2.0:function:string-substring

This function SHALL take a first argument of data-type 
"http://www.w3.org/2001/XMLSchema#string"; and a second and a third 
argument of type "http://www.w3.org/2001/XMLSchema#integer"; and SHALL 
return a "http://www.w3.org/2001/XMLSchema#string";.  The result SHALL be 
the substring of the first argument beginning at the position given by 
the second argument and ending at the position before the position given 
by the third argument. The first character of the string has position zero.


urn:oasis:names:tc:xacml:2.0:function:uri-substring

This function SHALL take a first argument of data-type 
"http://www.w3.org/2001/XMLSchema#anyURI"; and a second and a third 
argument of type "http://www.w3.org/2001/XMLSchema#integer"; and SHALL 
return a "http://www.w3.org/2001/XMLSchema#string";.  The result SHALL be 
the substring of the first argument converted to a string beginning at 
the position given by the second argument and ending at the position 
before the position given by the third argument. The first character of 
the URI converted to a string has position zero.


urn:oasis:names:tc:xacml:2.0:function:string-equal-ignore-case

This function SHALL take two arguments of data-type 
"http://www.w3.org/2001/XMLSchema#string"; and SHALL return a 
"http://www.w3.org/2001/XMLSchema#boolean";.  The result SHALL be true if 
the first string equals the second string when character case is 
ignored, and false otherwise.


Open issues:

- Could we live without the URI-variants since there is an URI to string 
conversion function in 3.0?

- Would we like to overload the substring functions such that a negative 
index indicated the beginning/end of the string? This would expand the 
functionality of the proposed functions. But could it lead to more hard 
to detect errors in policies?

- How is case conversion handled?

Since we use the XML string type, we are dealing with international 
characters and case conversion seems to depend on in which language the 
string is used. I found some references here: 
http://unicode.org/reports/tr21/tr21-5.html though I haven't read that 
in detail.

The Java string class javadoc contains the following text "Case mapping 
relies heavily on the information provided by the Unicode Consortium's 
Unicode 3.0 specification. The specification's UnicodeData.txt and 
SpecialCasing.txt files are used extensively to provide case mapping."

The Java implementation of the case conversion functions depend on the 
locale, BTW.

Does anyone know if the Java implementation conforms to some universally 
accepted specification? It would be nice if there is such a 
specification and we could refer to it easily, so no special trickery 
would be needed in XACML implementations (on Java or any other common 
language).

Another issue which has to be taken into account is that it looks to me 
that in general converting to upper case and testing for equality, vs, 
converting to lower case and testing for equality could yield different 
results. We would have to define either mode.

Does anybody know of an expert on these matters?

Best regards,
Erik

Craig Forster wrote:
> Hi Erik,
>
> Thanks for summarising the conversations to date.  I agree that our
> investigations have shown that generally importing XPath functions is
> incompatible with the XACML data model.
>
> So apart from the functions I've listed, does anyone else have suggestions
> about what other new functions are needed for 3.0?
>
> Regards,
> Craig
>
> ---------------------------------------------------------------
> Craig Forster
> Software Engineer
> IBM Australia Development Labs
> ---------------------------------------------------------------
>
>
>                                                                                                                                
>   From:       Erik Rissanen <erik@axiomatics.com>                                                                              
>                                                                                                                                
>   To:         XACML TC <xacml@lists.oasis-open.org>                                                                            
>                                                                                                                                
>   Date:       25/06/2008 02:09                                                                                                 
>                                                                                                                                
>   Subject:    [xacml] Issue 88, general xpath functions again                                                                  
>                                                                                                                                
>
>
>
>
>
> All,
>
> I had a look at Craig's original post on this issue with the intention
> of proposing which functions we should import from xpath. Craig's post
> is here:
>
> http://lists.oasis-open.org/archives/xacml/200710/msg00000.html
>
> He proposes these functions as a start:
>
>  - <type>-starts-with
>  - <type>-ends-with
>  - <type>-contains
>  - <type>-substring
>  - string-equal-ignore-case
>
> Where <type> is either string or anyURI.
>
> Daniel then proposed that we instead import the string function library
> from xpath 2.
>
> We then discussed the option of a general import of functions from xpath
> and it seems difficult to do. The xpath data model is not similar to
> XACML. It contains entities unnatural to XACML and does type conversions
> on the fly. (Correct me if I am wrong.)
>
> So during the last call we decided to instead import particular
> functions from xpath. And we had found that xpath declares URIs for
> their functions, so we could use those URIs as our identifiers.
>
> Sounds good so far, but I ran into some issues.
>
> For a start I notice that all these functions which Craig proposes are
> not part of the xpath function library itself.
>
> "starts/ends-with", "substring" and "contains" are present, but rely of
> string conversion of their arguments, meaning that there are not
> separate functions for the string and uri variants in xpath. XACML is
> statically typed, so unless we want to change that, we would have to
> redefine these functions into separate string and uri variants in XACML.
> So we end up with just plain XACML functions with no direct mapping to
> xpath.
>
> I could not find the "string-equal-ignore-case" function in xpath. (It
> can probably be achieved with case conversion functions, but I didn't
> look into it.)
>
> So there isn't any direct mapping of these functions to xpath.
>
> I propose that we abandon the idea of mapping xpath functions to XACML.
> The data models are too different to be worth it.
>
> Instead let's just define the functions which Craig proposed ourselves.
>
> Best regards,
> Erik
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all your TCs in
> OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
>
>
>
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]