

Subject: Item 60 (Define standard "purpose" attributes)


Colleagues - Here are my proposals for addressing "purpose" in the v2.0
specification.  Please consider and comment.  All the best.  Tim.


1. Append to Section B.6

urn:oasis:names:tc:xacml:2.0:resource:purpose

This attribute, of type http://www.w3.org/2001/XMLSchema#string, indicates
the purpose for which the data resource was collected.  The owner of the
resource SHOULD be informed and consent to the use of the resource for this
purpose.  The attribute value MAY be a regular expression.  The custodian's
privacy policy SHOULD define the semantics of all available values.

2. Append to Section B.7

urn:oasis:names:tc:xacml:2.0:action:purpose

This attribute, of type http://www.w3.org/2001/XMLSchema#string, indicates
the purpose for which access to the data resource is requested.

Action purposes MAY be organized hierarchically, in which case the value
MUST represent a node in the hierarchy.  XACML does not specify a scheme for
delimiting hierarchical levels.  However, the chosen scheme MUST be
consistent with the available values for resource purpose (see Section B.6).

3. Add the following after Section B.10

B.11  Standard rules

B.11.1  Matching purpose

This rule MUST be used with the
urn:oasis:names:tc:xacml:2.0:rule-combining-algorithm:deny-overrides
rule-combining algorithm.  It stipulates that access SHALL be denied unless
the purpose for which access is requested matches, by regular-expression
match, the purpose for which the data resource was collected.

<?xml version="1.0" encoding="UTF-8"?>
<Rule xmlns="urn:oasis:xacml:2.0:policy:schema:wd:06"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="urn:oasis:xacml:2.0:policy:schema:wd:06 D:\MYDATA~1\Standards\xacml\v2.0\DRD2FC~1\oasis-xacml-2_0-policy-schema-wd-06.xsd"
      RuleId="urn:oasis:names:tc:xacml:2.0:matching-purpose"
      Effect="Permit">
  <!-- regexp-string-match takes two strings: the regular expression first
       (the resource purpose, which MAY be a regex), then the string to test
       (the action purpose). Attribute designators return bags, so each is
       reduced to a single string with string-one-and-only. -->
  <Condition FunctionId="urn:oasis:names:tc:xacml:2.0:function:regexp-string-match">
    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
      <ResourceAttributeDesignator
          AttributeId="urn:oasis:names:tc:xacml:2.0:resource:purpose"
          DataType="http://www.w3.org/2001/XMLSchema#string"/>
    </Apply>
    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
      <ActionAttributeDesignator
          AttributeId="urn:oasis:names:tc:xacml:2.0:action:purpose"
          DataType="http://www.w3.org/2001/XMLSchema#string"/>
    </Apply>
  </Condition>
</Rule>
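To see what a PDP would actually return for the rule above, here is an added Python model of its evaluation. It is not part of Tim's message and not code from any XACML implementation; it reproduces regexp-string-match with the resource purpose as the regular expression, the Permit effect, and the XACML 2.0 deny-overrides rule-combining algorithm. The "/" hierarchy delimiter, whole-string regex matching (XML Schema regular expressions are implicitly anchored) and the sample purpose values are assumptions constructed for the example.

```python
"""Model of the proposed 'matching purpose' rule under deny-overrides.

Added example, not from the original message. The '/' delimiter and the
sample purpose strings are constructed assumptions.
"""
import re
from enum import Enum
from typing import Callable, Dict, List, Tuple

RESOURCE_PURPOSE = "urn:oasis:names:tc:xacml:2.0:resource:purpose"
ACTION_PURPOSE = "urn:oasis:names:tc:xacml:2.0:action:purpose"


class Decision(Enum):
    PERMIT = "Permit"
    DENY = "Deny"
    NOT_APPLICABLE = "NotApplicable"
    INDETERMINATE = "Indeterminate"


class Indeterminate(Exception):
    """An expression could not be evaluated (missing attribute, bad regex)."""


def string_one_and_only(bag: List[str]) -> str:
    # XACML string-one-and-only: the bag must hold exactly one value.
    if len(bag) != 1:
        raise Indeterminate(f"expected exactly one value, got {len(bag)}")
    return bag[0]


def regexp_string_match(regex: str, value: str) -> bool:
    # First argument is the regular expression, second the string to test.
    # Whole-string matching is assumed here (anchored, as XML Schema regexes are).
    try:
        return re.fullmatch(regex, value) is not None
    except re.error as exc:
        raise Indeterminate(f"bad regular expression {regex!r}: {exc}")


def matching_purpose_rule(request: Dict[str, List[str]]) -> Decision:
    """Effect=Permit when the action purpose matches the resource purpose regex.

    `request` maps attribute ids to bags (lists) of strings, standing in for
    the XACML request context.
    """
    try:
        resource_purpose = string_one_and_only(request.get(RESOURCE_PURPOSE, []))
        action_purpose = string_one_and_only(request.get(ACTION_PURPOSE, []))
        matched = regexp_string_match(resource_purpose, action_purpose)
    except Indeterminate:
        return Decision.INDETERMINATE
    # A Permit rule whose Condition is false evaluates to NotApplicable, not Deny.
    return Decision.PERMIT if matched else Decision.NOT_APPLICABLE


Rule = Tuple[Decision, Callable[[Dict[str, List[str]]], Decision]]


def deny_overrides(rules: List[Rule], request: Dict[str, List[str]]) -> Decision:
    """XACML 2.0 deny-overrides rule-combining algorithm (spec Appendix C.1)."""
    at_least_one_error = False
    potential_deny = False
    at_least_one_permit = False
    for effect, rule in rules:
        decision = rule(request)
        if decision is Decision.DENY:
            return Decision.DENY
        if decision is Decision.PERMIT:
            at_least_one_permit = True
        elif decision is Decision.INDETERMINATE:
            at_least_one_error = True
            if effect is Decision.DENY:
                potential_deny = True
    if potential_deny:
        return Decision.DENY
    if at_least_one_permit:
        return Decision.PERMIT
    if at_least_one_error:
        return Decision.INDETERMINATE
    return Decision.NOT_APPLICABLE


# The policy under test: just the proposed rule, combined by deny-overrides.
POLICY: List[Rule] = [(Decision.PERMIT, matching_purpose_rule)]


def decide(resource_purposes: List[str], action_purposes: List[str]) -> Decision:
    """Build a request context from the two purpose bags and evaluate POLICY."""
    request = {RESOURCE_PURPOSE: resource_purposes, ACTION_PURPOSE: action_purposes}
    return deny_overrides(POLICY, request)


if __name__ == "__main__":
    # Constructed values: the resource was collected for "treatment" and any
    # sub-purpose below it in a '/'-delimited hierarchy (assumed scheme).
    collected_for = r"treatment(/[a-z-]+)*"
    print(decide([collected_for], ["treatment/emergency"]).value)  # Permit
    print(decide([collected_for], ["marketing"]).value)            # NotApplicable
    print(decide([collected_for], []).value)                       # Indeterminate
```

Two points the run makes visible: a missing or multi-valued purpose attribute yields Indeterminate rather than a silent Permit, and a non-matching purpose leaves this Permit rule NotApplicable rather than Deny. The denial the text calls for therefore depends on the enclosing policy or PDP treating NotApplicable as a refusal, so a deployment should pair this rule with a default-deny surrounding policy.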

-----------------------------------------------------------------
Tim Moses
613.270.3183

