[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Proposal for PDP metadata
All, I just posted a proposal for a PDP metadata schema, (issue 36 on the wiki, though I don't yet handle all items identified in the issues list.) The intent with this is to allow for a PDP to declare/publish which features of XACML it implements. It is intended to work with any version of XACML, not just 3.0. See the attached file for a sample metadata document. The schema is extensible, for instance it allows generic parameters of capabilities. An example of this is the obligation families capability, which has parameters such as which families are implemented. There is also an extension point in the top level element which allows any elements. I am not sure if this is actually needed. Most identifiers remain to be defined, but I wanted to get feedback on what I have here before I do more work on it. I defined metadata for two features which currently have no defined implementations, but which I would expect to be useful in the future. First, I defined a PDP location. This is an extension point and as standardized methods to access a PDP are developed, the content of this element can be defined. The second is an element declaring methods for resolving policy references. There is currently no such method, but I can imagine that there might be in the future. Regards, Erik
<?xml version="1.0" encoding="UTF-8"?> <md:PDPMetadata XACMLVersion="3.0" xmlns:md="urn:oasis:names:tc:xacml:3.0:profile:metadata:v1:schema:wd-01" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:profile:metadata:v1:schema:wd-01 xacml-3.0-profile-metadata-v1-schema-wd-01.xsd"> <md:Function FunctionId="urn:oasis:names:tc:xacml:3.0:function:xpath-node-equal"/> <md:DataType DataTypeId="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"/> <md:RuleCombiningAlgorithm AlgorithmId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"/> <md:PolicyCombiningAlgorithm AlgorithmId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides"/> <md:Capability CapabilityId="urn:FIXME:obligations"/> <md:Capability CapabilityId="urn:FIXME:obligation-families" xmlns:fami="urn:FIXME:obligation-families-metadata"> <fami:ObligationFamilyType FamilyId="urn:FIXME:exclusive"/> </md:Capability> </md:PDPMetadata>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]