Subject: Re: [xacml] [Fwd: Useful change to XACML Schema]
David,

Why don't you put the policies into the enclosing transport protocol which you use to transmit the XACML request context? It would be analogous to the SAML profile request/response format which is defined by XACML. Even XACML itself does not put policies into the request context. They are part of the XACML/SAML wrapper protocol units.

Best regards,
Erik

David Chadwick wrote:
> Dear List
>
> In the EC TAS3 project we have a requirement to be able to dynamically
> pass policies to PDPs, but the policies won't always be written in the
> XACML language. e.g. we have a behavioural trust engine where the
> policy language is written in SWI-Prolog. However we still want to use
> the XACML request response context to pass the policy. We believe that
> a simple addition of a new extension point to the PolicySet element
> will allow alternative Policy formats to be included in the request.
> The way to accomplish this can be by adding an extension point to the
> xs:choice element to allow any element in any Namespace to be added to
> the request. The Specification should then make clear that the
> extension point should only be used to define Policy related elements.
>
> Modified PolicySet Schema:
>
>     <xs:complexType name="PolicySetType">
>         <xs:sequence>
>             <xs:element ref="xacml:Description" minOccurs="0"/>
>             <xs:element ref="xacml:PolicySetDefaults" minOccurs="0"/>
>             <xs:element ref="xacml:Target"/>
>             <xs:choice minOccurs="0" maxOccurs="unbounded">
>                 <xs:element ref="xacml:PolicySet"/>
>                 <xs:element ref="xacml:Policy"/>
>                 <xs:element ref="xacml:PolicySetIdReference"/>
>                 <xs:element ref="xacml:PolicyIdReference"/>
>                 <xs:element ref="xacml:CombinerParameters"/>
>                 <xs:element ref="xacml:PolicyCombinerParameters"/>
>                 <xs:element ref="xacml:PolicySetCombinerParameters"/>
>                 * <!-- Extension Point for defining Authorisation
>                 Policies in different namespaces -->
>                 <xs:element ref="xs:any"/>*
>             </xs:choice>
>             <xs:element ref="xacml:Obligations" minOccurs="0"/>
>         </xs:sequence>
>         <xs:attribute name="PolicySetId" type="xs:anyURI"
>             use="required"/>
>         <xs:attribute name="Version" type="xacml:VersionType"
>             default="1.0"/>
>         <xs:attribute name="PolicyCombiningAlgId" type="xs:anyURI"
>             use="required"/>
>     </xs:complexType>
>
> Regards
>
> David
>
> *****************************************************************
> David W. Chadwick, BSc PhD
> Professor of Information Systems Security
> The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
> Skype Name: davidwchadwick
> Tel: +44 1227 82 3221
> Fax +44 1227 762 811
> Mobile: +44 77 96 44 7184
> Email: D.W.Chadwick@kent.ac.uk
> Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
> Research Web site:
> http://www.cs.kent.ac.uk/research/groups/iss/index.html
> Entrust key validation string: MLJ9-DU5T-HV8J
> PGP Key ID is 0xBC238DE5
>
> *****************************************************************
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
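
The extension point quoted above admits any element from any namespace, so the schema alone cannot keep non-policy content out of a PolicySet and the check has to be made by the PDP that receives it. The following is an added example, not part of the thread or of any XACML implementation: it assumes the XACML 2.0 policy namespace, and the `urn:example:*` namespaces, the engine name and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: XACML 2.0 policy namespace (the thread names no version).
XACML_NS = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
# Named alternatives of the xs:choice in the quoted PolicySetType.
XACML_CHOICE = {"PolicySet", "Policy", "PolicySetIdReference",
                "PolicyIdReference", "CombinerParameters",
                "PolicyCombinerParameters", "PolicySetCombinerParameters"}
# Other children of the enclosing xs:sequence; not policy content.
XACML_FIXED = {"Description", "PolicySetDefaults", "Target", "Obligations"}
# Hypothetical registry: namespace URI -> engine allowed to interpret it.
ENGINES = {"urn:example:prolog-policy": "prolog-trust-engine"}

# Constructed sample: one XACML Policy, one policy from a registered
# foreign namespace, and one element from a namespace nobody registered.
SAMPLE = """<PolicySet xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
    xmlns:pl="urn:example:prolog-policy" xmlns:x="urn:example:unknown"
    PolicySetId="urn:example:ps1" PolicyCombiningAlgId="urn:example:alg">
  <Target/>
  <Policy PolicyId="urn:example:p1" RuleCombiningAlgId="urn:example:alg"/>
  <pl:TrustPolicy>trusted(X) :- vouched(X).</pl:TrustPolicy>
  <x:Script>anything</x:Script>
</PolicySet>"""

def split_qname(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    ns, _, local = tag[1:].partition("}") if tag.startswith("{") else ("", "", tag)
    return ns, local

def screen_policy_set(xml_text, engines):
    """Sort the children of a PolicySet into (native, foreign, rejected)."""
    if "<!DOCTYPE" in xml_text:  # fail closed: no DTD, so no entity tricks
        raise ValueError("DOCTYPE not allowed in a policy document")
    root = ET.fromstring(xml_text)
    if split_qname(root.tag) != (XACML_NS, "PolicySet"):
        raise ValueError("root element is not an XACML PolicySet")
    native, foreign, rejected = [], [], []
    for child in root:
        ns, local = split_qname(child.tag)
        if ns == XACML_NS and local in XACML_CHOICE:
            native.append(local)             # evaluated by the XACML engine
        elif ns == XACML_NS and local in XACML_FIXED:
            continue                         # Target, Obligations, etc.
        elif ns in engines:
            foreign.append((engines[ns], local))  # routed to a known engine
        else:
            rejected.append(child.tag)       # unregistered namespace or name
    return native, foreign, rejected

if __name__ == "__main__":
    print(screen_policy_set(SAMPLE, ENGINES))
```

The function screens one level only; a nested PolicySet needs the same check applied to its own children, and a PDP would refuse the whole document when the rejected list is not empty.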