Subject: [xacml] Fwd: Updated list of XACML identifiers
See attached mail message.

Anne Anderson
Anne.Anderson@Sun.COM
Internet Security Research Group, Sun Labs
Sun Microsystems, Inc., Burlington, MA
--- Begin Message ---
- From: Anne Anderson <aha@ieee.org>
- To: Anne.Anderson@sun.com
- Date: Thu, 1 Aug 2002 20:56:10 -0400 ()

XACML base (BASE)
================
urn:oasis:names:tc:xacml:1.0

Authentication locality (for translating SAML Authentication Locality element)
=================
BASE:auth-locality:ip-address
BASE:auth-locality:dns-name

XACML namespaces
================
BASE:context
BASE:policy

XACML Action attribute identifier used for examples
=================================================================
BASE:example:action ("read", etc. is AttributeValue)

SubjectCategories
=================
BASE:subjectcategory:access-subject (the entity that is the ultimate initiator of the access)
BASE:subjectcategory:recipient-subject (the entity that is the recipient of the output from the access itself)
BASE:subjectcategory:intermediary-subject (an entity through which the request was passed)
BASE:subjectcategory:codebase (can be multiple codebases: the executing code that generated the access request; e.g. the URL from which the accessing code was downloaded and attributes of this code, such as by whom it was signed)
BASE:subjectcategory:requesting-machine (the machine where

XACML functions
===============
BASE:function: (function table supplies all the identifiers with this prefix)

DataTypes
=========
BASE:datatype:x500name
BASE:datatype:rfc822name
?:yearMonthDuration (take this from another spec; Michiharu knows)
?:dayTimeDuration (take this from another spec; Michiharu knows)
xs:Gregorian
BASE:datatype:numeric
BASE:datatype:list set ???? (get this from Polar and Daniel)
BASE:datatype:ufs-path (UNIX file-system path)

Environment attributes
======================
BASE:environment:current-time (current time at the PDP)

Subject attributes: at most one of each of these Attributes per Subject
=======================================================================
BASE:subject:subject-id
    Use <AttributeValue DataType="<format>" rather than Format; default is xs:string
BASE:subject:subject-category (default is AccessSubject)
BASE:subject:subject-id-qualifier
BASE:subject:key-info
BASE:subject:authentication-time
BASE:subject:authentication-method
BASE:subject:request-time
BASE:subject:session-start-time

Resource attributes
===================
BASE:resource:resource-uri (entire resource uri)
BASE:resource:simple-file-name (last component of the file name. E.g. file://home/my/status#pointer has a simple-file-name of "status".)

Attributes used in examples
===========================
BASE:example:attribute (base for any other examples)
BASE:example:attribute:role

CombiningAlgorithms
===================
BASE:rule-combining-algorithm:deny-overrides
BASE:rule-combining-algorithm:permit-overrides
BASE:rule-combining-algorithm:first-applicable
BASE:policy-combining-algorithm:deny-overrides
BASE:policy-combining-algorithm:permit-overrides
BASE:policy-combining-algorithm:first-applicable

Status codes
============
BASE:status:ok
BASE:status:missing-attribute
BASE:status:syntax-error
BASE:status:processing-error (e.g. divide by 0)

Identifiers used only in XACML ConformanceTests
===============================================
BASE:conformance-test: (base for all identifiers defined for ConformanceTests)

DigestAlgId [I think this goes away, since we no longer have RuleDigest]
===========
sha-1: use what is defined in XML Signature or something like that

Following done via schema elements or enumerations so don't need identifiers
==================================================
-XACML resource scopes (string enumeration)
-"Any" Target values (<AnySubject>, <AnyResource>, <AnyAction> elements)
-Effects (string enumeration)
-Decisions (string enumeration)

--- End Message ---