[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml-comment] About the Syntax and Semantics of<AttributeAssignment>
Hi, >> In this case, <AttributeSelector> is used to specify >> the content of the attribute assignment. >> It seems to me that the semantics is not defined anywhere. >> Section 5.36 should define it. I think that, given a request context, the <AttributeSelector> element in an <AttributeAssignment> is evaluated using the request context, the evaluation results in a BAG of attribute values, and the BAG should be put in the response context. However, I don't think that the syntax for representing a BAG of attribute values is defined by the XACML schema. One solution is to allow the <AttributeAssignment> element to have multiple <AttributeValue> elements as child elements to represent the BAG of attribute values. The same is true for <AttributeDesignator>. Related comments: The XACML spec should clarify whether the <AttributeAssignment> element is allowed to have multiple <AttributeValue>, <AttributeSelector> and <AttributeDesignator> elements as child elements. Satoshi Hada IBM Tokyo Research Laboratory mailto:satoshih@jp.ibm.com Satoshi Hada/Japan/IBM@IB To: XACML COMMENT <xacml-comment@lists.oasis-open.org> MJP cc: Subject: [xacml-comment] About the Syntax and Semantics of <AttributeAssignment> 2003/02/21 10:54 Hi, I've just found an <AttributeAssignment> element has three kinds of child elements in Section 4.2.4.3 (Rule 3) [095] <AttributeAssignment AttributeId= [096] "urn:oasis:names:tc:xacml:1.0:example:attribute:mailto" [097] DataType="http://www.w3.org/2001/XMLSchema#string"> [098] <AttributeSelector RequestContextPath= [099] "//md:/record/md:patient/md:patientContact/md:email" [100] DataType="http://www.w3.org/2001/XMLSchema#string"/> [101] </AttributeAssignment> In this case, <AttributeSelector> is used to specify the content of the attribute assignment. It seems to me that the semantics is not defined anywhere. Section 5.36 should define it. [102] <AttributeAssignment AttributeId= [103] "urn:oasis:names:tc:xacml:1.0:example:attribute:text" [104] DataType="http://www.w3.org/2001/XMLSchema#string"> [105] <AttributeValue> [106] Your medical record has been accessed by: [107] </AttributeValue> [108] </AttributeAssignment> In this case, <AttributeValue> is used to specify the content of the attribute assignment. Again, Section 5.36 should define the semantics. Also, is the syntax of this <AttributeValue> element the same as defined in the XACML schema, i.e., <xs:element name="AttributeValue" type="xacml:AttributeValueType"/> ??? If yes, the DataType attribute must be added (because it is REQUIRED). [109] <AttributeAssignment AttributeId= [110] "urn:oasis:names:tc:xacml:example:attribute:text" [111] DataType="http://www.w3.org/2001/XMLSchema#string"> [112] <SubjectAttributeDesignator AttributeId= [113] "urn:osasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string"/> [114] </AttributeAssignment> In this case, <AttributeDesignator> is used to specify the content of the attribute assignment. Again, Section 5.36 should define the semantics. Satoshi Hada IBM Tokyo Research Laboratory mailto:satoshih@jp.ibm.com ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC