OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Any rules/regulations for defining new AttributeId with "urn:oasis:names:tc:xacml:2.0:"prefix


Hello Everyone!

As a coordination/collaboration effort between few Grid initiatives and
consortia, we develop "An XACML Attribute and Obligation Profile for
AuthZ Interoperability in Grids".

There is a number of specific attribute and obligation identifiers we
found necessary to define such as but not limited to: "subject-vo",
"voms-fqan", "voms-dns-port", "obligation.uid",
"obligation.path-restriction", etc.

The question is whether there are some rules that recommend or restrict
using XACML namespace prefix and identifier branches?

I other words, can we define our domain/application specific identifiers
in the following way:

urn:oasis:names:tc:xacml:2.0:subject:subject-vo
urn:oasis:names:tc:xacml:2.0:subject:voms-fqan
urn:oasis:names:tc:xacml:2.0:subject:voms-dns-port
urn:oasis:names:tc:xacml:2.0:resource:CE

urn:oasis:names:tc:xacml:2.0:policy:obligation.uid
urn:oasis:names:tc:xacml:2.0:policy:obligation.path-restriction

Any advice and suggestions or reference to existing practices will be
highly appreciated.

Thanks in advance,

Yuri Demchenko
UvA, EGEE Project





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]