14 messages in org.oasis-open.lists.xacmlRE: [xacml] legal values for Strings| From | Sent On | Attachments |
|---|---|---|
| Seth Proctor | Mar 23, 2004 11:09 am | |
| Rich Salz | Mar 23, 2004 11:23 am | |
| Daniel Engovatov | Mar 23, 2004 11:24 am | |
| Seth Proctor | Mar 23, 2004 12:05 pm | |
| Seth Proctor | Mar 23, 2004 12:08 pm | |
| Daniel Engovatov | Mar 23, 2004 12:10 pm | |
| Satoshi Hada | Mar 23, 2004 11:27 pm | |
| Polar Humenn | Mar 25, 2004 5:28 am | |
| Daniel Engovatov | Mar 25, 2004 9:47 am | |
| Tim Moses | Mar 25, 2004 10:51 am | |
| Daniel Engovatov | Mar 25, 2004 10:55 am | |
| Tim Moses | Mar 25, 2004 11:12 am | |
| Seth Proctor | Mar 26, 2004 9:12 am | |
| Seth Proctor | Mar 26, 2004 9:48 am |
| Subject: | RE: [xacml] legal values for Strings | |
|---|---|---|
| From: | Daniel Engovatov (deng...@bea.com) | |
| Date: | Mar 23, 2004 11:24:45 am | |
| List: | org.oasis-open.lists.xacml | |
None of the XACML standard data types had to be represented as complex content, so that would definitely be an extension. It seems to me that your example is not valid (need to have all the proper < etc..) - is it?
Daniel.
-----Original Message----- From: Seth Proctor [mailto:Seth...@Sun.COM] Sent: Tuesday, March 23, 2004 11:25 AM To: xac...@lists.oasis-open.org Subject: [xacml] legal values for Strings
In the current example policies, there are several places where we use a construction like
<AttributeValue DataType="...:string" AttributeId="foo"> <bar>baz</bar> </AttributeValue>
In other words, we specify a datatype of string and then follow with complex content. While the specification implies in several places that this it legal, it never comes out and says so explicitly. This is in part because we don't define string, but instead we take it from XMLSchema.
According to XMLSchema, however, string is a simple type, and may not be used to represent complex content. In other words, string is not supposed to contain any child elements. If we look at an XACML policy as a bunch of characters, then we might be meeting this contract. If we look at an XACML policy as a DOM tree, then we're almost certainly breaking this contract.
So, a question: is it legal in XACML to use string as the datatype for what may be interpreted as complex content? I would suggest the answer is no, unless we want to add explicit text to the XACML specification explaining why it's ok. Keep in mind that for people using DOM/SAX, the tree will be interpreted before they see the value, and this can cause the tags to change their representation (eg, namespacing, macro replacing, etc).
Any thoughts on this?
seth
To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgro up.php.