balana
function <any-of-all> implementation is not correct
According to HigherOrderFunction.java, any-of-all and all-of-any both use a private function allOfAny(); the difference is just that the order of the bag parameters is switched. But it is not correct. For example: any-of-all("string-equal",["a","b","c"],["a","b"]) returns TRUE, any-of-all("string-equal",["a","b"],["a","b"]) returns TRUE, but according to the specification, obviously it should be false.
I also used AT&T's implementation to do the same test; both return false.
FYI, this should work fine with AuthzForce implementation (return TRUE in both cases). Feel free to try.
Hi cdanger, you mean the behaviour of the AuthzForce implementation is the same as Balana (both return true), but AT&T is different? I feel confused; which behaviour is the right one?
Sorry, I read too quickly. Both any-of-all expressions in your example should return TRUE: indeed, for all values in the second bag, there is a value in the first one that is equal. So at&t implementation is wrong if it returns false there.
Now, if you replace any-of-all with all-of-any in your example: all-of-any("string-equal",["a","b","c"],["a","b"]) should return FALSE, all-of-any("string-equal",["a","b"],["a","b"]) should return TRUE.
Indeed, in the first case, for value "c" in the first bag, there is not any value in the second one that is equal. Is that what you get with Balana?
Hi cdanger, I doubt I have read the wrong specification. -_-;
http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cd-1-en.html#_Toc229296615
In the doc about any-of-all, it says the semantics of the “any_of_all” function are as follows:

    any_of_all :: ( a -> b -> Bool ) -> [a] -> [b] -> Bool
    any_of_all f [] ys = False
    any_of_all f (x:xs) ys = (all_of f x ys) || ( any_of_all f xs ys)

So, according to the semantics:

    any-of-all("string-equal",["a","b","c"],["a","b"])
    (all-of(a,[a,b]) || (all-of(b,[a,b]) || (all-of(c,[a,b])
    == false || false || false

But the Balana impl returns true.
So, I just get confused, I don't know what is the right impl.
Yes, that link is obsolete, it is an old draft of the spec from 2009. You have to click on Latest version at the top of the page to get the current version (2017): https://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-en.html So in our case, the section on higher-order functions: https://docs.oasis-open.org/xacml/3.0/errata01/os/xacml-3.0-core-spec-errata01-os-complete.html#_Toc489959654
Thx, cdanger. I also have a question: in the old spec, the any-of-all semantics is useful, but in the new spec there is no function that can implement the old any-of-all semantics. The new any-of-all is just like the all-of-any function; the difference is that the arguments are switched. Is this a good practice?
I really think the old semantics is very useful. In many cases.
Actually, I checked the textual description of the 2009 version, and it is the same as the latest version, no change there. But the Haskell definitions are no longer there. According to the revision history (appendix E) of the latest version, the Haskell definitions were removed in 2011 by Erik Rissanen; the revision comment simply says "Removed the (broken) Haskel definitions of the higher order functions."
Anyway, I don't see any XACML function in the current standard that matches this old Haskell definition, sorry. You may have to extend the XACML implementation with your own function to get it.
Thx a lot, cdanger! That's very helpful. I will provide my own function to do this.
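
Added example, not part of any comment in this thread and not code from Balana, AuthzForce or the AT&T implementation: the three semantics discussed above in plain Python, evaluated on the thread's two inputs. All function names are hypothetical; `any_of_all` follows the reading given in the reply above, `any_of_all_2009` follows the Haskell definition quoted from the 2009 draft, and the integer inputs are constructed.

```python
# Added example: bag semantics from this thread in plain Python.
# All names are hypothetical; not Balana, AuthzForce or AT&T code.

def all_of_any(f, bag1, bag2):
    """Every value of bag1 matches at least one value of bag2."""
    return all(any(f(x, y) for y in bag2) for x in bag1)

def any_of_all(f, bag1, bag2):
    """Reading from the reply above: every value of bag2 is matched
    by at least one value of bag1."""
    return all(any(f(x, y) for x in bag1) for y in bag2)

def any_of_all_via_swap(f, bag1, bag2):
    """Same result built on all_of_any with the bags swapped. The
    predicate's arguments are flipped back so f still sees (bag1, bag2)."""
    return all_of_any(lambda y, x: f(x, y), bag2, bag1)

def any_of_all_2009(f, xs, ys):
    """Haskell definition quoted from the 2009 draft: at least one x
    for which f(x, y) holds for every y."""
    return any(all(f(x, y) for y in ys) for x in xs)

def string_equal(a, b):
    return a == b

def integer_greater_than(a, b):
    return a > b

def thread_cases():
    """Evaluate the thread's two inputs under each semantics."""
    inputs = [(["a", "b", "c"], ["a", "b"]), (["a", "b"], ["a", "b"])]
    funcs = {"any-of-all": any_of_all, "all-of-any": all_of_any,
             "any-of-all (2009 Haskell)": any_of_all_2009}
    return {name: [fn(string_equal, b1, b2) for b1, b2 in inputs]
            for name, fn in funcs.items()}

if __name__ == "__main__":
    for name, results in thread_cases().items():
        print(f"{name:28} {results}")
    # Constructed input: an asymmetric predicate shows why swapping the
    # bags alone is not enough; the argument order must be preserved too.
    print(any_of_all(integer_greater_than, [5], [1, 2]),           # True
          any_of_all_via_swap(integer_greater_than, [5], [1, 2]),  # True
          all_of_any(integer_greater_than, [1, 2], [5]))           # False
```

When two policy decision points disagree on one of these functions, the same policy can yield different authorization decisions, so a small table like this is a useful regression check before moving policies between engines.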