[jboss-jira] [JBoss JIRA] Commented: (SECURITY-162) BasicEvaluationCtx: relax the resource-id requirements

Marcus Moyses (JIRA) jira-events at lists.jboss.org
Tue Apr 1 14:51:10 EDT 2008 

    [ http://jira.jboss.com/jira/browse/SECURITY-162?page=comments#action_12406289 ] 
            
Marcus Moyses commented on SECURITY-162:
----------------------------------------

>From the spec:
==============
B.6. Resource attributes
These identifiers indicate attributes of the resource. The corresponding attributes MAY appear in the <Resource> element of the request context and be accessed by means of a <ResourceAttributeDesignator> element, or by an <AttributeSelector> element that points into the <Resource> element of the request context.

This attribute identifies the resource to which access is requested. If an <xacml-context:ResourceContent> element is provided, then the resource to which access is requested SHALL be all or a portion of the resource supplied in the <xacml-context:ResourceContent> element.

urn:oasis:names:tc:xacml:1.0:resource:resource-id


> BasicEvaluationCtx: relax the resource-id requirements
> ------------------------------------------------------
>
>                 Key: SECURITY-162
>                 URL: http://jira.jboss.com/jira/browse/SECURITY-162
>             Project: JBoss Security and Identity Management
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: jboss-sunxacml
>    Affects Versions: 2.0.2-BETA6
>            Reporter: Anil Saldhana
>         Assigned To: Anil Saldhana
>             Fix For: 2.0.2.GA
>
>
> As per the context request schema:
> ===========
> <xs:element name="Resource" type="xacml-context:ResourceType"/>
> 	<xs:complexType name="ResourceType">
> 		<xs:sequence>
> 			<xs:element ref="xacml-context:ResourceContent" minOccurs="0"/>
> 			<xs:element ref="xacml-context:Attribute" minOccurs="0" maxOccurs="unbounded"/>
> 		</xs:sequence>
> 	</xs:complexType>
> 	<!-- -->
> 	<xs:element name="ResourceContent" type="xacml-context:ResourceContentType"/>
> 	<xs:complexType name="ResourceContentType" mixed="true">
> 		<xs:sequence>
> 			<xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
> 		</xs:sequence>
> 		<xs:anyAttribute namespace="##any" processContents="lax"/>
> 	</xs:complexType>
> =================
> there is no requirement for a resource id to exist.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list