[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: another attempt at azn query refinment
Before we try to work out whether or not this is a good solution, I propose that we decide whether or not this a problem we are proposing to solve in SAML 1.0. The kinds of questions you propose represent an entirely new kind of question. "What is available for lunch?" is a very different question from "May I have lunch?". My gut reaction is that this is not something we should discuss in the SAML 1.0 timeframe. C. -----Original Message----- From: Simon Godik [mailto:sgodik@crosslogix.com] Sent: Thursday, October 04, 2001 4:11 PM To: 'security-services@lists.oasis-open.org' Subject: another attempt at azn query refinment I did not get response (negative or positive) to my previous message on azn query, so here is another try. Suppose we want to ask the question: What can I have for lunch today? To rephrase: Can I have lunch today (yes/no) and if yes what is on the menu? To answer, I propose to parameterize action element in authorization query: <AuthorizationQuery resource="lunch"> <Subject/> <Actions> <ParamAction ActionName="eat"> <Parameter name="appetizer"/> <Parameter name="main"/> <Parameter name="desert"/> <ParamAction> </Actions> <Evidence> my weight is 500 lb</Evidence> </AuthorizationQuery> <Response> <AssertionSimple> <AuthorizationStatement resource="lunch" decision="Permit"> <Subject/> <Actions> <ParamAction ActionName="eat"> <Parameter name="appetizer"> <ParameterValue>green salad</ParameterValue> </Parameter> <Parameter name="main"> <ParameterValue>hamburger</ParameterValue> </Parameter> <Parameter name="desert"> <ParameterValue>ice cream</ParameterValue> </Parameter> </ParamAction> </Actions> <Evidence> my weight is 500 lb</Evidence> </AuthorizationStatement> </AssertionSimple> </Response> To support this schema modifications are minimal: We can define ParamAction element and everywhere we allow Action now we can allow choice of Action or ParamAction. We also need Parameter element which is similar to Attribute element. (Attribute element could be reused by I'm not in favor of that) <Actions> <sequence> <choice minOccurs="1" maxOccurs="unbounded"> <element ref="saml:Action"/> <element ref="saml:ParamAction"/> </choice> </sequence> </Actions> <element name="ParamAction" type="saml:ParamActionType"/> <complexType name="ParamActionType"> <sequence> <element ref="saml:Parameter" minOccurs="0" maxOccurs="unbounded"/> </sequence> <attribute name="ActionName" type="string" use="required"/> </complexType> <element name="Parameter" type="saml:ParameterType"/> <complexType name="ParameterType"> < same as AttributeType > </complexType> Simon Godik Crosslogix
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC