[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] RE: policy model, part 1
Hi Carlisle, > Carlisle Adams wrote: > > Hi Polar, > > ---------- > From: Polar Humenn[SMTP:polar@syr.edu] > Sent: Thursday, February 21, 2002 4:17 PM > To: Carlisle Adams > Cc: 'xacml@lists.oasis-open.org' > Subject: Re: [xacml] RE: policy model, part 1 > > On Tue, 19 Feb 2002, Carlisle Adams wrote: > > > A RuleStatement contains the following items. > > - a RuleCore, which is a triple ("subject", "action", "resource"), > > although one or two of the components may be missing (meaning "any"). > > I would still like to see place holders for that information, such as > <AnySubject/>, <AnyAction/>, <AnyResource/>, so that it is explicit in > what it means. You can lock in the positions in the syntax as well, which > might lead to easier processing. > > > This is fine, although the syntax is probably a little bit uglier (e.g., the <subjects> element now needs to be a choice of PredicateExpressionType and <AnySubject/>, rather than simply a PredicateExpressionType that may have zero predicates (minOccurs="0")). > > But I can live with either. The nillable feature provided by XML Schema bears investigation. XML Schema allows elements to be made nillable So in the XACML schema we could say: <xs:element name="subjects" type="xacml:PredicateExpressionType" nillable=true" /> Then the following XACML policy instance fragment would be considered valid <subjects xsi:nil = "true"></subjects> (xsi is the XMLSchema-instance namespace) So basically, the interpretation is that a nil subject is AnySubject. Would this interpretation work ? If so, then nillable needs to be investigated further to see if there are any reasons why we may not use it. But that is a work item when the focus shifts to XML syntax. > > Carlisle. -- Sekhar
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC