Subject: [xacml] Attribute and AttributeDesignator for XACML...



Hi all,

One of the things discussed at the F2F last week was bringing various bits and pieces under the XACML namespace.  This includes both AttributeDesignator and Attribute.  The idea is that these would be almost identical to their counterparts in SAML, but would include three pieces of (optional) extra information:  Issuer; IssueInstant; and Holder.  Furthermore, the AttributeNamespace attribute would be renamed to something like AttributeLocator (its value would be an XPath expression into the XACML context that will contain all the suitably-sorted input data).

Anyway, we discussed this idea but did not get as far as writing up the schema for it.  So, what follows below is the proposed schema.  Comments welcome!

Carlisle.

8<--------------------


        <element name="AttributeDesignator" type="xacml:AttributeDesignatorType"/>
        <complexType name="AttributeDesignatorType">
            <!-- Child elements must sit in a model group placed before the attribute declarations -->
            <sequence>
                <element ref="xacml:Holder" minOccurs="0"/>
            </sequence>
            <attribute name="AttributeName" type="string" use="required"/>
            <attribute name="AttributeLocator" type="anyURI" use="required"/>
            <attribute name="Issuer" type="string" use="optional"/>
            <attribute name="IssueInstant" type="dateTime" use="optional"/>
        </complexType>

        <element name="Holder" type="xacml:HolderType"/>
        <complexType name="HolderType">
            <choice>
                <sequence>
                    <element ref="xacml:NameIdentifier"/>
                    <element ref="xacml:SubjectConfirmation" minOccurs="0"/>
                </sequence>
                <element ref="xacml:SubjectConfirmation"/>
            </choice>
        </complexType>

        <element name="NameIdentifier" type="xacml:NameIdentifierType"/>
        <complexType name="NameIdentifierType">
            <simpleContent>
                <extension base="string">
                    <attribute name="NameQualifier" type="string" use="optional"/>
                    <attribute name="Format" type="anyURI" use="optional"/>
                </extension>
            </simpleContent>
        </complexType>

        <element name="SubjectConfirmation" type="xacml:SubjectConfirmationType"/>
        <complexType name="SubjectConfirmationType">
            <sequence>
                <element ref="xacml:ConfirmationMethod" maxOccurs="unbounded"/>
                <element ref="xacml:SubjectConfirmationData" minOccurs="0"/>
                <element ref="ds:KeyInfo" minOccurs="0"/>
            </sequence>
        </complexType>

        <element name="ConfirmationMethod" type="anyURI"/>

        <element name="SubjectConfirmationData" type="anyType"/>

        <element name="Attribute" type="xacml:AttributeType"/>
        <complexType name="AttributeType">
            <complexContent>
                <extension base="xacml:AttributeDesignatorType">
                    <sequence>
                        <element ref="xacml:AttributeValue" maxOccurs="unbounded"/>
                    </sequence>
                </extension>
            </complexContent>
        </complexType>

        <element name="AttributeValue" type="anyType"/>
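
A structural check of one Attribute instance against the types proposed in the message above, added here as an example; it is not part of the original post or of any XACML implementation. The namespace URI, the sample documents and the function names are constructed, and the content model is read as an optional Holder followed by one or more AttributeValue.

```python
import xml.etree.ElementTree as ET

# Assumption: the post does not give the xacml namespace URI; this is a placeholder.
NS = "urn:example:xacml-draft"

def q(name):
    return f"{{{NS}}}{name}"

def check_holder(holder):
    """HolderType: (NameIdentifier, SubjectConfirmation?) | SubjectConfirmation."""
    kids = [c.tag for c in holder]
    allowed = ([q("NameIdentifier")],
               [q("NameIdentifier"), q("SubjectConfirmation")],
               [q("SubjectConfirmation")])
    errors = [] if kids in allowed else ["Holder matches neither choice branch"]
    for sc in holder.findall(q("SubjectConfirmation")):
        if sc.find(q("ConfirmationMethod")) is None:
            errors.append("SubjectConfirmation needs a ConfirmationMethod")
    return errors

def check_attribute(xml_text):
    """Return the structural errors found in one xacml:Attribute element."""
    # ElementTree is fine for these constructed samples; parse untrusted
    # input with a hardened parser such as defusedxml.
    el = ET.fromstring(xml_text)
    if el.tag != q("Attribute"):
        return [f"unexpected root element {el.tag}"]
    errors = [f"missing required attribute {a}"
              for a in ("AttributeName", "AttributeLocator") if a not in el.attrib]
    kids = [c.tag for c in el]
    if kids and kids[0] == q("Holder"):   # optional, from the base type
        errors += check_holder(el[0])
        kids = kids[1:]
    if not kids or any(k != q("AttributeValue") for k in kids):
        errors.append("expected one or more AttributeValue after optional Holder")
    return errors

# Constructed sample instances (not taken from the post).
GOOD = f"""<Attribute xmlns="{NS}" AttributeName="role"
    AttributeLocator="//Subject/Attribute" Issuer="hr.example.com"
    IssueInstant="2002-03-01T12:00:00Z">
  <Holder><NameIdentifier NameQualifier="example.com">alice</NameIdentifier></Holder>
  <AttributeValue>physician</AttributeValue>
</Attribute>"""
BAD = f"""<Attribute xmlns="{NS}" AttributeName="role">
  <Holder><SubjectConfirmation/><NameIdentifier>alice</NameIdentifier></Holder>
</Attribute>"""

if __name__ == "__main__":
    print(check_attribute(GOOD))
    print(check_attribute(BAD))
```

The second sample fails on four counts: the missing AttributeLocator, the Holder children in an order neither choice branch allows, the empty SubjectConfirmation, and the absent AttributeValue.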
