OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xacml] New target schema

Title: New target schema

Colleagues - What do people think of this? ...

1. Treats "action" in a way that is identical to the other components of target.
2. Doesn't have a reserved value to indicate 'all'.  The value of Attribute and the MatchFunction have to be chosen to indicate 'all', if that is what is desired.

3. All the equality operators are included.  Perhaps some should not be allowed for the purposes of target.
4. Function will extend the MatchFunction list.
5. Do the function enumeration values have to be URIs.  A string like "numeric-equal" would be more succinct.  If we feel that function definitions would need a namespace qualifier, then we might as well leave the function name as a URI.

6. String-match uses the regular expression syntax.

Let me have your thoughts.

All the best.  Tim.

<xs:complexType name="TargetType">
        <xs:sequence>
                <xs:element name="Subjects" type="xacml:MatchType" maxOccurs="unbounded"/>
                <xs:element name="Resources" type="xacml:MatchType" maxOccurs="unbounded"/>
                <xs:element name="Actions" type="xacml:MatchType" maxOccurs="unbounded"/>
        </xs:sequence>
</xs:complexType>
<!-- -->
<xs:complexType name="MatchType">
        <xs:sequence>
                <xs:element ref="xacml:AttributeDesignator"/>
                <xs:element ref="xacml:Attribute"/>
        </xs:sequence>
        <xs:attribute name="Match" type="xacml:MatchFunctionType"/>
</xs:complexType>
<!-- -->
<xs:simpleType name="MatchFunctionType">
        <xs:restriction base="xs:anyURI">
                <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:numeric-equal"/>
                <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:boolean-equal"/>
                <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:string-equal"/>
                <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:date-equal"/>
                <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:time-equal"/>
                <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:datetime-equal"/>
                <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:yearMonthDuration-equal"/>
                <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:dayTimeDuration-equal"/>
                <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:gregorian-equal"/>
                <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:hex-binary-equal"/>
                <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:base64-binary-equal"/>
                <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:anyURI-equal"/>
                <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:QName-equal"/>
                <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:NOTATION-equal"/>
                <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:string-match"/>
        </xs:restriction>
</xs:simpleType>

-----------------------------------------
Tim Moses
Tel: 613.270.3183

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC