OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] 1.1 Work Item: Detailed proposal for ConditionIdReference





Hi, Anne

What you are suggesting is that using RuleReference can represent
ConditionReference (in my proposal) if the specification level is one-level
moved up to PolicySet level from Policy level?  For example, the following
policy specification using ConditionReference

<Policy>
  <Condition Id="Cond1">expression1</Condition>
  <Target>Z</Target>
  <Rule>
    <Target>A</Target>
    <ConditionReference>Cond1
  </Rule>
  <Rule>
    <Target>B</Target>
    <ConditionReference>Cond1
  </Rule>
</Policy>

can be represented as:

<PolicySet>
  <Rule Id="Rule1">rule 1(Target is ANY, includes only Cond1)</Rule>
  <Target>Z</Target>
  <Policy>
    <Target>A</Target>
    <RuleReference>rule1</RuleReference>
  </Policy>
  <Policy>
    <Target>B</Target>
    <RuleReference>rule1</RuleReference>
  </Policy>
</PolicySet>

Is this correct?

Michiharu



                                                                                                                                        
                      Anne Anderson                                                                                                     
                      <Anne.Anderson@Su        To:       XACML TC <xacml@lists.oasis-open.org>                                          
                      n.com>                   cc:                                                                                      
                                               Subject:  [xacml] 1.1 Work Item: Detailed proposal for ConditionIdReference              
                      2003/05/29 23:57                                                                                                  
                      Please respond to                                                                                                 
                      Anne.Anderson                                                                                                     
                                                                                                                                        



The following message contains Michiharu's detailed proposal for
implementing a ConditionIdReference:

http://lists.oasis-open.org/archives/xacml/200304/msg00039.html

The motivation is that a policy writer may have a common
Condition statement that then needs to be included in various
different Rules that have various Targets.

I believe this can be accomplished using RuleIdReferences
(another proposed 1.1 work item): define a Rule that has an "Any"
Target and include the desired Condition in that Rule.  Now,
define a Policy for each of the various Targets, and include a
reference to this common Rule in each (rather than spelling out
the same Rule with the same Condition).

Anne
--
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692


You may leave a Technical Committee at any time by visiting
http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]