[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Revised proposal for issue #11, using XPath/URI pathexpressions
Rich, You say that the identifier serves as"an executable expression that can be applied to an XML document". That is true from a threoretical point of view, but there are currently no XACML functions which can operate on an URI like this. The URI needs to be resolved and then the path needs to be extracted before it can be applied as an XPath expressions. So it is a fundamentally new scheme, not a modification to the XPath scheme which started issue #11. BTW, did you check the XPath syntax? If I recall correctly from the past, foo[namespace-uri="bar"] does not work. I think I had to do *[localname='foo'][namespace-uri='bar']. I could be wrong though... Best regards, Erik Rich.Levinson wrote: > To TC: > > As described in previous email: > http://lists.oasis-open.org/archives/xacml/200911/msg00042.html > I have revised the original proposal submitted for issue 11. > > This proposal is intended to address the same problems as the previous > proposal, and it also provides a format which can potentially be used > to address the resource-id naming issue raised by Paul Tyson: > http://lists.oasis-open.org/archives/xacml/200911/msg00032.html > > A summary of expected benefits from this proposal includes the following: > > * The proposal provides an automatic naming method for any node in > an XML document, in the form of an XPath path expression, that > may also be used to retrieve the actual node identified. > * The proposal shows how to map this expression into standard URI > format by percent encoding each XPath step component that > follows a URI fragment slash "/". > * An XPath step in the proposal is represented by the > concatenation of 3 strings as a local-name plus two optional > predicates, each of which is immediately determinable when in > the XPath context of the document using standard XPath > functions: local-name(), namespace-uri(), and position() and the > full set of steps in the expression can be used to obtain the > single node addressed from any XPath context because the path is > absolute. > * The unencoded XPath path expression can be used as the identity > of a node in an XML document as described in section 2.1 of the > hierarchical profile. > * The unencoded XPath expression can be used as the resource-id as > described in section 2.2.3 of the Multiple Resource Profile. > * The XPath path expression can be used with or without the > associated XML document. i.e. the expression serves as BOTH an > executable expression that can be applied to an XML document AND > a literal identifier that can be used by regular expression > matching type operations. > * Percent-encoding of the XPath path expression is only required > when the expression is used as an actual URI, such as when > extending the URI mechanism into XML documents to identify > entities within the document, or when used as an identifier that > requires URI syntax such as an XML AttributeId attribute. > * In general, because the XPath path expression can operate as a > literal identifier, it enables policies to be written against > resources within XML documents which enable policy evaluation > before the document is accessed. > > I will try to prepare a slide presentation prior to the F2F. In the > meantime, hopefully, the information is intended to be self-explanatory. > > Comments and suggestions welcome. > > Thanks, > Rich > > ------------------------------------------------------------------------ > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]