OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Issue for Errata: XPathCategory attribute not in schema or spec + other related issues


The XPathCategory attribute, described in:
  •  section 5.30, line 2489,
  •  Appendix A.2, line 4052

which also shows up in examples:

  • 4.2.2 Example RequestContext, line 967,
  • 4.2.4.1 Rule 1, line 1089,
  • 4.2.4.2 Rule 2, line 1253,
  • 4.2.4.3 Rule 3, line 1418,
  • 4.2.4.4 Rule 4, line 1588

does not appear in any of the schema descriptions in the spec, nor in
the xsd, itself.

Based on the text of Appendix A.2 XPathExpression, lines 4050-4053:

"... When the value is encoded in an <AttributeValue> element,
 the namespace context is given by the <AttributeValue> element
 and an XML attribute called XPathCategory gives the category
 of the <Content> element where the _expression_ applies. ..."
and the fact that the XPathCategory shows up in AttributeValue
elements in the examples, it would seem that AttributeValue might
need to have the XPathCategory xml attribute defined for it as
an optional attribute.

One other related issue has to do with the description of the ContextSelectorId
attribute that refers to XPathCategory (lines 2485-2490):
"ContextSelectorId [Optional]
This attribute refers to the attribute (by its AttributeId) in the request context
 in the category given by the Category attribute.
The referenced attribute MUST have data type
   urn:oasis:names:tc:xacml:3.0:data-type:xpathExpression,
 and must select a single node in the <Content> element.
The XPathCategory attribute of the referenced attribute MUST be equal to
 the Category attribute of the attribute selector."

The last sentence of the above description sounds like XPathCategory
is an attribute of the <Attribute> element, as opposed to the <AttributeValue>
element.

A second related issue also has to do with the above ContextSelectorId text, except
that the issue is implicit by the examples, where in the example rules, the construct
used is an AttributeDesignator in a <Match> element, as opposed to an AttributeSelector.

Despite the fact that the AttributeDesignator construct is not defined in the spec
for XPathExpression, its use in the examples appears logical and I would suggest
adding an explanation that when an AttributeDesignator contains an
XPathExpression DataType, that the associated AttributeValue in the Match
element can have an XPathCategory specifying which Attributes element the
Content is that the value should be selected from.

    Thanks,
    Rich



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]