OASIS Mailing List Archives

xacml message


Subject: RE: [xacml] apr15 schema subcom issues



Hey Anne, you are really getting the hang of this XML stuff.  See, it wasn't so hard, was it?  Your extension schema definition was perfect, and just to prove the point, here it is in a form that XMLSpy really does validate.

<?xml version="1.0" encoding="UTF-8"?>
<xs:schema targetNamespace="http://research.sun.com/people/anderson/mayan.xsd"  xmlns:maya="http://research.sun.com/people/anderson/mayan.xsd" xmlns:xacml="http://www.oasis-open.org/committees/xacml/docs/draft-xacml-schema-policy-13.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">

        <xs:import namespace="http://www.oasis-open.org/committees/xacml/docs/draft-xacml-schema-policy-13.xsd" schemaLocation="http://www.oasis-open.org/committees/xacml/docs/draft-xacml-schema-policy-13.xsd"/>

        <xs:element name="mayanDateMatch" type="xacml:CompareType" substitutionGroup="xacml:predicate"/>
</xs:schema>

Naturally, in addition to the schema definition, one would have to provide a description of the function and the attributes that form its input.  The PDP that implements this predicate must be provided with the extension schema and the predicate class.

Your option b) requires an equivalent amount of work to define the predicate name space and predicate name.

So, I want to put forward the point of view that using the built-in extensibility features of XML to incorporate new predicates is workable, requires no more effort than an xacml-specific technique and more effectively leverages existing solutions.

All the best.  Tim.

-----------------------------------------
Tim Moses
Tel: 613.270.3183


-----Original Message-----
From: Anne Anderson [mailto:Anne.Anderson@Sun.com]
Sent: Tuesday, April 16, 2002 2:17 PM
To: xacml@lists.oasis-open.org
Subject: Re: [xacml] apr15 schema subcom issues


On 16 April, Simon Godik writes: [xacml] apr15 schema subcom issues

 > 1. Investigate graphical schema representation with xml spy
 >    (Simon) Ann suggested including graphical representation of
 >    the schema in the core text.

Correction: I did not intend to suggest including it in the core
text.  I merely requested that someone in the TC with access to a
good graphical representation tool post a graphical
representation when new schema versions come out.

Additional issue from the April 15 2002 schema subcom:

5. Will XACML extensibility be handled via extension schemas, or
   will the XACML base functions include a mechanism for locating
   extensions?

   For example, if I want to define a new predicate to compare
   dates expressed in the Mayan calendar format, do I

   a) define an extension schema
      xmlns:mayan="http://research.sun.com/people/anderson/mayan.xsd"
      that defines

      <xs:element name="MayanDateMatch"
                  type="xacml:CompareType"
                  substitutionGroup="xacml:predicate"/>

      then use
      <MayanDateMatch>
        <saml:AttributeDesignator>...</saml:AttributeDesignator>
        <saml:AttributeDesignator>...</saml:AttributeDesignator>
      </MayanDateMatch>
     
      in my policy, or 

   b) make use of built-in XACML extensible predicate element,
      and use in my policy:

      <Operator OperatorName="MayanDateMatch"
          OperatorNamespace="http://research.sun.com/people/anderson/">
          <saml:AttributeDesignator>....</saml:AttributeDesignator>
          <string>"tzolkin=2 Etznab, haab=11 Pop"</string>
      </Operator>

      where the base XACML specification defines something like:

      <xs:element name="Operator"
                  type="xacml:ExtensiblePredicateType"
                  substitutionGroup="xacml:predicate"/>

      <xs:complexType name="ExtensiblePredicateType">
          <xs:complexContent>
              <xs:extension base="xacml:PredicateAbstractType">
                  <xs:choice minOccurs="1">
                      <xs:element ref="saml:AttributeDesignator"/>
                      <xs:element ref="saml:Attribute"/>
                      <xs:element ref="xacml:attributeFunction"/>
                      <xs:string/>
                  </xs:choice>
                  <xs:attribute name="OperatorName"
                                type="xs:anyURI"
                                use="required"/>
                  <xs:attribute name="OperatorNamespace"
                                type="xs:anyURI"
                                use="required"/>
              </xs:extension>
          </xs:complexContent>
      </xs:complexType>

Anne      
--
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
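
Added example (not part of either message, and not code from the XACML TC): a sketch of how a PDP can resolve both extension styles discussed above, the option a) substitution-group element and the option b) Operator element, to the same allowlisted predicate and fail closed on anything it was not provisioned with. The registry, the function names, the "indeterminate" result string, the literal <string> operands and the string-equality semantics of the predicate are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces as they appear in the two messages above.
XACML_NS = "http://www.oasis-open.org/committees/xacml/docs/draft-xacml-schema-policy-13.xsd"
MAYAN_NS = "http://research.sun.com/people/anderson/mayan.xsd"
OPERATOR_NS = "http://research.sun.com/people/anderson/"

def mayan_date_match(a, b):
    # Assumed stand-in semantics: whitespace-insensitive string equality.
    return " ".join(a.split()) == " ".join(b.split())

# Predicates deployed with the PDP; nothing named in a policy is loaded dynamically.
REGISTRY = {
    (MAYAN_NS, "mayanDateMatch"): mayan_date_match,     # option a) element
    (OPERATOR_NS, "MayanDateMatch"): mayan_date_match,  # option b) attributes
}

def predicate_key(elem):
    """Map either extension style to a (namespace, name) registry key."""
    ns, local = "", elem.tag
    if elem.tag.startswith("{"):
        ns, local = elem.tag[1:].split("}", 1)
    if (ns, local) == (XACML_NS, "Operator"):
        return elem.get("OperatorNamespace", ""), elem.get("OperatorName", "")
    return ns, local

def evaluate(xml_text):
    """Return 'true', 'false', or 'indeterminate' (unknown predicate or bad arity)."""
    elem = ET.fromstring(xml_text)
    fn = REGISTRY.get(predicate_key(elem))
    operands = [(child.text or "") for child in elem]
    if fn is None or len(operands) != 2:
        return "indeterminate"
    return "true" if fn(*operands) else "false"

# Constructed policy fragments; literal <string> operands stand in for resolved attributes.
OPTION_A = (f'<m:mayanDateMatch xmlns:m="{MAYAN_NS}">'
            '<string>tzolkin=2 Etznab, haab=11 Pop</string>'
            '<string>tzolkin=2  Etznab, haab=11 Pop</string></m:mayanDateMatch>')
OPTION_B = (f'<Operator xmlns="{XACML_NS}" OperatorName="MayanDateMatch" '
            f'OperatorNamespace="{OPERATOR_NS}">'
            '<string>tzolkin=2 Etznab, haab=11 Pop</string>'
            '<string>tzolkin=3 Cauac, haab=12 Pop</string></Operator>')
UNKNOWN = OPTION_B.replace('"MayanDateMatch"', '"AlwaysTrue"')

if __name__ == "__main__":
    for name, doc in (("a", OPTION_A), ("b", OPTION_B), ("unknown", UNKNOWN)):
        print(name, evaluate(doc))
```

With option a) a validating parser can reject an unknown predicate element before evaluation; with option b) the Operator element is schema-valid for any name, so the registry lookup is the only gate.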
