Subject: [xacml] list of identifier values
The attached message contains the list of identifier values that we will use in XACML 1.0. Hal Lockhart will write up explanatory text around each of these (only minimal notes here).

Anne Anderson
Anne.Anderson@Sun.COM
Internet Security Research Group, Sun Labs
Sun Microsystems, Inc., Burlington, MA
--- Begin Message ---
- From: Anne Anderson <aha@ieee.org>
- To: Anne.Anderson@Sun.COM
- Date: Wed, 31 Jul 2002 20:39:03 -0400 ()
XACML base (BASE)
  urn:oasis:names:tc:xacml:1.0

Authentication locality (for translating SAML Authentication Locality element)
  BASE:auth-locality:ip-address
  BASE:auth-locality:dns-name

XACML namespaces
  BASE:context
  BASE:policy

XACML Action attribute identifier (used for examples only in 1.0)
  BASE:example:action ("read", etc. is value of Action Attribute)

SubjectCategories
  BASE:subjectcategory:access-subject (the entity that is the ultimate initiator of the access)
  BASE:subjectcategory:recipient-subject (the entity that is the recipient of the output from the access itself)
  BASE:subjectcategory:intermediary-subject (an entity through which the request was passed)
  BASE:subjectcategory:codebase (can be multiple codebases: the executing code that generated the access request; e.g. the URL from which the accessing code was downloaded and attributes of this code, such as by whom it was signed)
  BASE:subjectcategory:requesting-machine (the machine where

XACML functions
  BASE:function: (function table supplies all the identifiers with this prefix)

DataTypes:
  BASE:datatype:x500name
  BASE:datatype:rfc822name
  ?:yearMonthDuration (take this from another spec; Michiharu knows)
  ?:dayTimeDuration (take this from another spec; Michiharu knows)
  xs:Gregorian
  BASE:datatype:numeric
  BASE:datatype:list set ???? (get this from Polar and Daniel)
  BASE:datatype:ufs-path (UNIX file-system path)

Environment attributes
  BASE:environment:current-time (current time at the PDP)

Subject attributes
  BASE:subject:authentication-time
  BASE:subject:authentication-method
  BASE:subject:request-time
  BASE:subject:session-start-time

Resource attributes:
  BASE:resource:resource-uri (entire resource uri)
  BASE:resource:simple-file-name (last component of the file name. E.g. file://home/my/status#pointer has a simple-file-name of "status".)

Attributes (Used only for examples)
  BASE:example:attribute (base for any other examples)
  BASE:example:attribute:role

CombiningAlgorithms
  BASE:rule-combining-algorithm:deny-overrides
  BASE:rule-combining-algorithm:permit-overrides
  BASE:policy-combining-algorithm:deny-overrides
  BASE:policy-combining-algorithm:permit-overrides

Status codes
  BASE:status:ok
  BASE:status:missing-attribute
  BASE:status:syntax-error
  BASE:status:processing-error (e.g. divide by 0)

Identifiers used only in XACML ConformanceTests
  BASE:conformance-test: (base for all identifiers defined for ConformanceTests)

DigestAlgId:
  sha-1: use what is defined in XML Signature or something like that

Following done via schema elements or enumerations:
  XACML resource scopes (string enumeration)
  "Any" Target values (<AnySubject>, <AnyResource>, <AnyAction> elements)
  Effects (string enumeration)
  Decisions (string enumeration)

--- End Message ---