OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [xacml] apr15 schema subcom issues


On 16 April, Simon Godik writes: [xacml] apr15 schema subcom issues

 > 1. Investigate graphical schema representation with xml spy
 >    (Simon) Ann suggested including graphical representation of
 >    the schema in the core text.

Correction: I did not intend to suggest including it in the core
text.  I merely requested that someone in the TC with access to a
good graphical representation tool post a graphical
representation when new schema versions come out.

Additional issue from the April 15 2002 schema subcom:

5. Will XACML extensibility be handled via extension schemas, or
   will the XACML base functions include a mechanism for locating
   extensions?

   For example, if I want to define a new predicate to compare
   dates expressed in the Mayan calendar format, do I

   a) define an extension schema
      xmlns:mayan="http://http://research.sun.com/people/anderson/mayan.xsd";
      that defines

      <xs:element name="MayanDateMatch"
                  type="xacml:CompareType"
                  substitutionGroup="xacml:predicate"/>

      then use
      <MayanDateMatch>
        <saml:AttributeDesignator>...</saml:AttributeDesignator>
        <saml:AttributeDesignator>...</saml:AttributeDesignator>
      </MayanDate
      
      in my policy, or  

   b) make use of built-in XACML extensible predicate element,
      and use in my policy:

      <Operator OperatorName="MayanDateMatch"
          OperatorNamespace="http://research.sun.com/people/anderson/";>
          <saml:AttributeDesignator>....</saml:AttributeDesignator>
          <string>"tzolkin=2 Etznab, haab=11 Pop"</string>
      </Operator>

      where the base XACML specification defines something like:

      <xs:element name="Operator"
                  type="xacml:ExtensiblePredicateType"
                  substitutionGroup="xacml:predicate"/>

      <xs:complexType name="ExtensiblePredicateType">      
          <xs:complexContent>
              <xs:extension base="xacml:PredicateAbstractType">
              <xs:choice minOccurs="1">
					<xs:element ref="saml:AttributeDesignator"/>
					<xs:element ref="saml:Attribute"/>
					<xs:element ref="xacml:attributeFunction"/>
                    <xs:string/>
              </xs:choice>
              <xs:attribute name="OperatorName"
                            type="xs:anyURI"
                            use="required"/>
              <xs:attribute name="OperatorNamespace"
                            type="xs:anyURI"
                            use="required"/>
          </xs:complexContent>
      </xs:complexType>

Anne       
-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC