[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Pagination support for policy query and assertion
Proposal: Pagination support for policy query and assertion
Related profile: SAML 2.0 Profile of XACML 2.0, Version 2
Usecase:
-------
Consider a scenario where a client is downloading large number of
policies from a PAP. During this time if PAP becomes temporarily
unavailable then the client will not be able to complete downloading
all applicable policies. When PAP becomes available again then the
client will have to download policies from the beginning again to
obtain all applicable policies.
This proposed extension can be used by a client to resume
downloading policies from the last known downloaded policy.
It optimizes policy query mechanism by avoiding downloading
previously downloaded policies.
Proposed XML Schema Elements:
-----------------------------
The following element will be used to support policy query with pagination:
<element name="PaginationRequest"
type="xacml-samlp:PaginationRequestType"/>
<complexType name="PaginationRequestType">
<attribute name="Offset" type="long" use="optional" default="0"/>
<attribute name="MaxElements" type="long" use="optional"/>
</complexType>
Offset:
It acts like a marker that will be used by PAP to send next available
policies.
MaxElements:
The maximum number of elements to be send by the PAP for this policy
query request.
The following element will be used to support policy assertion with
pagination:
<element name="PaginationResponse"
type="xacml-saml:PaginationResponseType"/>
<complexType name="PaginationResponseType">
<attribute name="NextOffset" type="long" use="required"/>
<attribute name="MaxPageElements" type="long" use="required"/>
<attribute name="TotalElements" type="long" use="optional"/>
</complexType>
NextOffset:
The next available policy offset that client should send for the
subsequent policy query request.
MaxPageElements:
Maximum number of policy request supported by the PAP for a given request.
TotalElements: The number of total applicable polices for this policy query.
Revised XACMLPolicyQueryType element:
-------------------------------------
<complexType name="XACMLPolicyQueryType">
<complexContent>
<extension base="samlp:RequestAbstractType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="xacml-context:Request" />
<element ref="xacml:Target" />
<element ref="xacml:PolicySetIdReference" />
<element ref="xacml:PolicyIdReference" />
<element ref="xacml-samlp:PaginationRequest"
minOccurs="0" maxOccurs="1"/>
</choice>
</extension>
</complexContent>
</complexType>
Revised XACMLPolicyStatementType element:
-----------------------------------------
<complexType name="XACMLPolicyStatementType">
<complexContent>
<extension base="saml:StatementAbstractType">
<choice minOccurs="0" maxOccurs="unbounded">
<element ref="xacml:Policy"/>
<element ref="xacml:PolicySet"/>
<element ref="xacml-saml:PaginationResponse"
minOccurs="0" maxOccurs="1"/>
</choice>
</extension>
</complexContent>
</complexType>
Note:
A PAP that supports this pagination scheme should support sorted policy
assertion. This will allow the policy offset element to be used
correctly. In addition, it will ensure that subsequent policy query
response excludes previously downloaded policies.
Regards,
Kamalendu Biswas
Oracle Fusion Middleware
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]