[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] RE: policy model, part 1
Hi Carlisle,
> Carlisle Adams wrote:
>
> Hi Polar,
>
> ----------
> From: Polar Humenn[SMTP:polar@syr.edu]
> Sent: Thursday, February 21, 2002 4:17 PM
> To: Carlisle Adams
> Cc: 'xacml@lists.oasis-open.org'
> Subject: Re: [xacml] RE: policy model, part 1
>
> On Tue, 19 Feb 2002, Carlisle Adams wrote:
>
> > A RuleStatement contains the following items.
> > - a RuleCore, which is a triple ("subject", "action", "resource"),
> > although one or two of the components may be missing (meaning "any").
>
> I would still like to see place holders for that information, such as
> <AnySubject/>, <AnyAction/>, <AnyResource/>, so that it is explicit in
> what it means. You can lock in the positions in the syntax as well, which
> might lead to easier processing.
>
>
> This is fine, although the syntax is probably a little bit uglier (e.g., the <subjects> element now needs to be a choice of PredicateExpressionType and <AnySubject/>, rather than simply a PredicateExpressionType that may have zero predicates (minOccurs="0")).
>
> But I can live with either.
The nillable feature provided by XML Schema bears investigation.
XML Schema allows elements to be made nillable
So in the XACML schema we could say:
<xs:element name="subjects" type="xacml:PredicateExpressionType" nillable=true" />
Then the following XACML policy instance fragment would be considered valid
<subjects xsi:nil = "true"></subjects>
(xsi is the XMLSchema-instance namespace)
So basically, the interpretation is that a nil subject is
AnySubject. Would this interpretation work ?
If so, then nillable needs to be investigated further to see if
there are any reasons why we may not use it. But that is a work item
when the focus shifts to XML syntax.
>
> Carlisle.
--
Sekhar
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC