Cart
[Home] [By Thread] [By Date] [Recent Entries]
[NOTE: I've only just subscribed to this list, so this issue may have been addressed by someone else...apologies in advance if I'm adding duplicate information.] Someone forwarded me a message posted here late last week about XACML and function namespaces. In a nutshell, the answer is that the XACML spec defines a standard namespace for functions, but that namespace is _only_ for the standard functions defined in the specification. You are free to define new functions, but they must be in a different namespace. Once you define your new function, there is no automatic namespace addition in a policy. That is, if you define a new function called urn:foo:bar:baz:my-function then you reference it in your policy as <Apply FunctionId="urn:foo:bar:baz:my-function"> The poster suggested that using the example in the programmer's guide, the example function "bool-text-compare" would be referenced in a policy as FunctionId="bool-text-compare", and yes, that's exactly right. Note that at the sourceforge pages for the open source implemenation that I manage, there is a general discussion forum for exactly these kinds of questions. Feel free to take further discussions there. Anyone can subscribe to the list by going to http://lists.sourceforge.net/lists/listinfo/sunxacml-discuss There's also a public archive of the list if you just want to browse past discussions. seth -- Internet Security Research Group Sun Microsystems Labs
|
