[
Lists Home |
Date Index |
Thread Index
]
[NOTE: I've only just subscribed to this list, so this issue may have
been addressed by someone else...apologies in advance if I'm adding
duplicate information.]
Someone forwarded me a message posted here late last week about XACML
and function namespaces. In a nutshell, the answer is that the XACML
spec defines a standard namespace for functions, but that namespace is
_only_ for the standard functions defined in the specification. You
are free to define new functions, but they must be in a different
namespace. Once you define your new function, there is no automatic
namespace addition in a policy. That is, if you define a new function
called
urn:foo:bar:baz:my-function
then you reference it in your policy as
<Apply FunctionId="urn:foo:bar:baz:my-function">
The poster suggested that using the example in the programmer's guide,
the example function "bool-text-compare" would be referenced in a
policy as FunctionId="bool-text-compare", and yes, that's exactly
right.
Note that at the sourceforge pages for the open source implemenation
that I manage, there is a general discussion forum for exactly these
kinds of questions. Feel free to take further discussions there.
Anyone can subscribe to the list by going to
http://lists.sourceforge.net/lists/listinfo/sunxacml-discuss
There's also a public archive of the list if you just want to browse
past discussions.
seth
--
Internet Security Research Group
Sun Microsystems Labs
|
