- From: Frederick Hirsch via cvs-syncmail <cvsmail@w3.org>
- Date: Fri, 18 Jun 2010 23:57:42 +0000
- To: public-dap-commits@w3.org
Update of /sources/public/2009/dap/policy
In directory hutz:/tmp/cvs-serv9341
Modified Files:
Profile.html
Log Message:
Fix wide variety of validation errors. please remember, attribute
values need quotes. Fix entities missing final ;. duplicated ids.
Index: Profile.html
===================================================================
RCS file: /sources/public/2009/dap/policy/Profile.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- Profile.html 18 Jun 2010 20:29:24 -0000 1.6
+++ Profile.html 18 Jun 2010 23:57:40 -0000 1.7
@@ -1,4 +1,5 @@
-<!DOCTYPE html> <html>
+<!DOCTYPE html>
+<html>
<head>
<title>XACML Policy Profile for Device APIs</title>
<meta http-equiv='Content-Type'
@@ -54,10 +55,10 @@
all the simple values have the same type, one of: </p>
<ul>
<li>String</li> <li>IRI</li>
- </ul> <p> Each <a href=#modifier-function>modifier
+ </ul> <p> Each <a href="#modifier-function">modifier
function</a> defines its result type, and how the
function's effect depends on the type of the input. </p>
- <p> Each <a href=#matching-function>matching
+ <p> Each <a href="#matching-function">matching
function</a> defines how it depends on the type of its
input. </p> <p> Where a modifier function or matching
function does not specify how it treats an input of a
@@ -68,8 +69,8 @@
undetermined value if one or more of the attributes on
which it depends has undetermined value at that
execution phase. </p> <p> For each <a
- href=#modifier-function>modifier function</a> and <a
- href=#matching-function>matching function</a>, its
+ href="#modifier-function">modifier function</a> and <a
+ href="#matching-function">matching function</a>, its
result for a given set of inputs is determined if and
only if all of its inputs are determined. </p> <p> The
syntax used for encoding a certificate fingerprint in
@@ -94,20 +95,26 @@
true or false (or undetermined). An attribute match is a
subject match, resource match or environment match,
depending on whether the attribute being matched is a
- subject, resource or environment attribute. </p> <p>An
+ subject, resource or environment attribute. </p>
+ <p>An
attribute match is an expression with a boolean result
- whose form is limited to one of the following:
- <ul> <li>matchfunc(modifierfunc(attr),
- value)</li> <li>matchfunc(attr, value)</li>
+ whose form is limited to one of the following:</p>
+ <ul>
+ <li>matchfunc(modifierfunc(attr), value)</li>
+ <li>matchfunc(attr, value)</li>
</ul>
+ <p>
Matchfunc is the matching function, a function with a
boolean result and two non-boolean inputs. Its result is
- undetermined if either input is undetermined. </p> <p>In
+ undetermined if either input is undetermined. </p>
+ <p>In
the first case, modifierfunc is a function with a
non-boolean result and a single non-boolean input. The
result of modifierfunc is undetermined if its input is
- undetermined. </p> <p> In the second case, there is no
- modifierfunc. </p> <p>The value to match (matchfunc's
+ undetermined. </p>
+ <p> In the second case, there is no
+ modifierfunc. </p>
+ <p>The value to match (matchfunc's
second input) is a sequence of literal text and other
attribute references implicitly combined using string
concatenation. Thus its type is bag containing a single
@@ -118,9 +125,11 @@
attribute whose value is a bag containing two or more
values causes the whole match value to be undefined. Any
reference to an undetermined attribute causes the whole
- value to match to be undetermined. </p> <p> For a
+ value to match to be undetermined. </p>
+ <p> For a
subject attribute match, only a single literal string is
- allowed, with no attribute references. </p> <p> If the
+ allowed, with no attribute references. </p>
+ <p> If the
attribute does not exist, then it has the empty bag
value. </p>
</section> <!-- attribute-match -->
@@ -173,7 +182,8 @@
<section id="rule">
<h3>Rule</h3>
<p>
- A rule consists of a <a href=#condition>condition</a> and an <a href=#effect>effect</a>.
+ A rule consists of a <a href="#condition">condition</a> and an
+ <a href="#effect">effect</a>.
</p> <p>
The result of a rule is determined if and only if its condition has determined value.
</p>
@@ -200,7 +210,7 @@
<h3>Policy</h3>
<p>A <em>policy</em> has a <em>target</em>, and a list
of zero or more <em>rules</em> combined using a <a
- href=#combining-algorithm><em>rule-combining
+ href="#combining-algorithm"><em>rule-combining
algorithm</em></a>. Where a directive attribute query
finds more than one applicable directive attribute set,
the first one is used. </p> <p>A <em>policy</em>
@@ -221,7 +231,7 @@
set</em>. </p> <p> A <em>policy set</em> is a target
with a list of zero or more <em>policies</em> and
<em>policy sets</em> combined using a <a
- href=#combining-algorithm><em>policy-combining
+ href="#combining-algorithm"><em>policy-combining
algorithm</em></a>. Where a directive attribute query
finds more than one applicable directive attribute set,
the first one is used. </p> <p> A <em>policy set</em>
@@ -510,12 +520,12 @@
<section id="signed-policy">
<h4>The <code><signed-policy></code> Element</h4>
<p>The root element of a signed policy document is a
- <code><code><signed-policy></code></code>. </p>
+ <code><signed-policy>></code>. </p>
<p><code><signed-policy></code> contains, in any
order, exactly one <code><signature></code>
element and one or more elements each of which is either
<code><policy-set></code> or
- <code><policy></code>;. </p>
+ <code><policy></code>;. </p>
</section>
<section id="signature">
<h4>The <code><signature></code> Element</h4>
@@ -530,7 +540,7 @@
more valid <Reference> elements;</li> <li>the
URL attribute of each <Reference> element <em
title="must" class="rfc2119">must</em> contain a
- reference to a <code><policy></code>; or
+ reference to a <code><policy></code>; or
<code><policy-set></code> element that is a
sibling of the <code><signature></code> element
in the same Signed Policy Document;</li> <li>the
@@ -539,16 +549,16 @@
<Transform> elements;</li> <li>the widget user
agent <em title="must" class="rfc2119">must</em> treat
the <code><signed-policy></code> as invalid if
- it has a child <code><policy></code>; or
+ it has a child <code><policy></code>; or
<code><policy-set></code> element for which
there is no <Reference> element.</li>
</ul> <p> Processing of the signature is specified in
section (*** change ref ***). </p>
- </section> <section id="policy-set">
+ </section> <section id="policy-set-element">
<h4>The <code><policy-set></code> Element</h4>
<p>The root element of a policy document is either a
<code><policy-set></code> or a
- <code><policy></code>;.
+ <code><policy></code>;.
<code><policy-set></code> has two possible
attributes: </p> <ul>
<li>combine, which <em title="must"
@@ -560,11 +570,11 @@
textual identifier for the
<code><policy-set></code>.</li>
</ul> <p> <code><policy-set></code> contains an
- optional <code><target></code>;, then zero or more
- <code><policy></code>; and/or
+ optional <code><target></code>;, then zero or more
+ <code><policy></code>; and/or
<code><policy-set></code> elements. </p>
</section>
- <section id="rule">
+ <section id="rule-element">
<h4>The <code><rule></code> Element</h4>
<p><code><rule></code> has one possible attribute,
effect, which must take a value of "permit",
@@ -584,7 +594,7 @@
<p><code><subject></code> contains one or more
<code><subject-match></code> elements. </p>
</section>
- <section id="condition">
+ <section id="condition-element">
<h4>The <code><condition></code> Element</h4>
<p> <code><condition></code> has one possible
attribute, combine, which must take a value of "and" or
@@ -660,8 +670,7 @@
attributes have the undefined value. </p>
<section class='widget-subject-attribute-definitions'>
<h2>Widget Subject Attribute Definitions</h2>
-<table
- border="1" summary=""> <caption> <dfn
+<table> <caption> <dfn
id="widget-subject-attributes-table">Widget Subject
Attributes Table</dfn></caption> <thead> <tr> <th
scope="col">Attribute</th> <th scope="col">Type</th> <th
@@ -723,8 +732,7 @@
</section>
<section class='website-subject-attribute-definitions'>
<h2>Web Site Subject Attribute Definitions</h2>
-<table border="1"
- summary=""> <caption> <dfn
+<table> <caption> <dfn
id="website-subject-attributes-table">Website Subject
Attributes Table</dfn></caption> <thead> <tr> <th
scope="col">Attribute</th> <th scope="col">Type</th> <th
@@ -777,8 +785,7 @@
<h2>Resource Attribute Definitions</h2>
<p>The resource is identified by one or more of
the following attributes: </p>
-<table border="1"
- summary=""> <caption> <dfn
+<table> <caption> <dfn
id="widget-subject-attributes-table">Widget Resource
Attributes Table</dfn></caption> <thead> <tr> <th
scope="col">Attribute</th> <th scope="col">Type</th> <th
@@ -828,8 +835,7 @@
<section 'class=context-attribute-definitions'>
<h2>Context Attribute Definitions</h2>
<p>
-<table
- border="1" summary=""> <caption> <dfn
+<table> <caption> <dfn
id="widget-subject-attributes-table">Context
Attributes Table</dfn></caption> <thead> <tr> <th
scope="col">Attribute</th> <th scope="col">Type</th> <th
Received on Friday, 18 June 2010 23:57:44 UTC