security-services message



Subject: RE: another attempt at azn query refinment


Before we try to work out whether or not this is a good solution, I propose
that we decide whether or not this is a problem we are proposing to solve in
SAML 1.0. The kinds of questions you propose represent an entirely new kind
of question. "What is available for lunch?" is a very different question
from "May I have lunch?".

My gut reaction is that this is not something we should discuss in the SAML
1.0 timeframe.

C.

-----Original Message-----
From: Simon Godik [mailto:sgodik@crosslogix.com]
Sent: Thursday, October 04, 2001 4:11 PM
To: 'security-services@lists.oasis-open.org'
Subject: another attempt at azn query refinment


I did not get a response (negative or positive) to my previous message on azn
query, so here is another try.
Suppose we want to ask the question: What can I have for lunch today?
To rephrase: Can I have lunch today (yes/no) and if yes what is on the menu?
To answer, I propose to parameterize the action element in the authorization query:
<AuthorizationQuery resource="lunch">
        <Subject/>
        <Actions>
                <ParamAction ActionName="eat">
                        <Parameter name="appetizer"/>
                        <Parameter name="main"/>
                        <Parameter name="desert"/>
                </ParamAction>
        </Actions>
        <Evidence> my weight is 500 lb</Evidence>
</AuthorizationQuery>
<Response>
        <AssertionSimple>
                <AuthorizationStatement resource="lunch" decision="Permit">
                        <Subject/>
                        <Actions>
                                <ParamAction ActionName="eat">
                                        <Parameter name="appetizer">
                                                <ParameterValue>green salad</ParameterValue>
                                        </Parameter>
                                        <Parameter name="main">
                                                <ParameterValue>hamburger</ParameterValue>
                                        </Parameter>
                                        <Parameter name="desert">
                                                <ParameterValue>ice cream</ParameterValue>
                                        </Parameter>
                                </ParamAction>
                        </Actions>
                        <Evidence> my weight is 500 lb</Evidence>
                </AuthorizationStatement>
        </AssertionSimple>
</Response>


To support this, schema modifications are minimal:
We can define a ParamAction element, and everywhere we allow Action now we can
allow a choice of Action or ParamAction. We also need a Parameter element, which
is similar to the Attribute element. (The Attribute element could be reused, but
I'm not in favor of that.)
<Actions>
        <sequence>
                <choice minOccurs="1" maxOccurs="unbounded">
                        <element ref="saml:Action"/>
                        <element ref="saml:ParamAction"/>
                </choice>
        </sequence>
</Actions>
<element name="ParamAction" type="saml:ParamActionType"/>
<complexType name="ParamActionType">
        <sequence>
                <element ref="saml:Parameter" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="ActionName" type="string" use="required"/>
</complexType>
<element name="Parameter" type="saml:ParameterType"/>
<complexType name="ParameterType">
        <!-- same as AttributeType -->
</complexType>
Simon Godik
Crosslogix
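
An added example, not part of the original messages or of any SAML specification: a sketch of how a requester could consume the proposed parameterized response, returning the menu only on Permit and rejecting actions or parameters that were not in the query. The messages are constructed from the element names in the e-mail; `param_actions` and `bind_response` are hypothetical names, and the rejection rule is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed messages using the element names proposed in the e-mail above.
QUERY = """<AuthorizationQuery resource="lunch"><Subject/><Actions>
  <ParamAction ActionName="eat">
    <Parameter name="appetizer"/><Parameter name="main"/><Parameter name="desert"/>
  </ParamAction>
</Actions></AuthorizationQuery>"""

RESPONSE = """<Response><AssertionSimple>
 <AuthorizationStatement resource="lunch" decision="Permit"><Subject/><Actions>
   <ParamAction ActionName="eat">
     <Parameter name="appetizer"><ParameterValue>green salad</ParameterValue></Parameter>
     <Parameter name="main"><ParameterValue>hamburger</ParameterValue></Parameter>
     <Parameter name="desert"><ParameterValue>ice cream</ParameterValue></Parameter>
   </ParamAction>
 </Actions></AuthorizationStatement>
</AssertionSimple></Response>"""


def param_actions(node):
    """Map ActionName -> {parameter name: [values]} for each ParamAction under node."""
    return {
        pa.get("ActionName"): {
            p.get("name"): [v.text.strip() for v in p.findall("ParameterValue") if v.text]
            for p in pa.findall("Parameter")
        }
        for pa in node.iter("ParamAction")
    }


def bind_response(query_xml, response_xml):
    """Hypothetical requester-side check: accept answers only for what was asked."""
    query = ET.fromstring(query_xml)
    stmt = ET.fromstring(response_xml).find(".//AuthorizationStatement")
    if stmt is None or stmt.get("resource") != query.get("resource"):
        raise ValueError("statement does not match the queried resource")
    if stmt.get("decision") != "Permit":
        return stmt.get("decision"), {}  # a non-Permit decision carries no menu
    asked, answered = param_actions(query), param_actions(stmt)
    for action, params in answered.items():
        if action not in asked or set(params) - set(asked[action]):
            raise ValueError(f"unrequested action or parameter under {action!r}")
    return "Permit", answered
```

The two return paths mirror the two questions in the thread: the decision alone answers "May I have lunch?", while the returned mapping answers "What is available for lunch?".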


