OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] Typos in the XACML 2.0 standard?

On Jul 15, 2008, at 1:41 AM, Erik Rissanen wrote:
> For the other data types there are also set functions, such as  
> union, intersection, etc. There are no set functions on dnsName and  
> ipAddress in the list of function identifiers. I am not sure if that  
> is by design or by mistake. The definitions of the set functions  
> depend on the definition of the -equal function for the particular  
> data type. But, there are no -equal functions defined for ipAddress  
> and dnsName. There are -regexp-match for them though, so it might be  
> by design. I suspect that it's a mistake. If so, the following  
> identifiers need to be added as well:

Reaching back into my not so reliable memory leads me to believe this  
was by design. dnsName and ipAddress regex matches serve as the  
equality functions for these types. In this case where an exact match  
is desired the parameter would be expressed as a literal regex  
expression ("foo\.bar\.blah").

I seem to recall that this was done to allow for broader definitions  
than single IP addresses or hostnames in a consistent manner ("???\.bar 
\.blah", etc.)


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]