OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: Using attributes


> > 
> > Permissions, instead of the permissions list structure I 
> would like to have a sequence of
> > attributes:
> >     <Permissions Permit="Read" Permit="Write" Permit="Delete"
> >         Permit="http://someextension.test/sss">
> This is not valid XML since only one attribute with a given
> name is permitted on any given element.
> Typically, something that suggests a plural (Permissions in 
> this instance)
> would be best represented as a sequence of elements, possibly 
> without the
> use of attributes in this case:
> <Permissions>
> 	<Permission>Read</Permission>
> 	<Permission>Write</Permission>
> 	<Permission>Delete</Permission>
> 	<Permission>http://someextension.test/sss</Permission>
> </Permissions>
> Note also that in the example above, it would probably be best to
> have a consistent typing of the content. An URI type would
> seem to be in order here, given that you seem to imply in your example
> that one can define one's own set of permissions by giving it a
> name (A URI). Given that, it would seem that the following would
> be in order:
> <Permissions>
> 	<Permission>http://saml.org/permissions/Read</Permission>
> 	<Permission>http://saml.org/permissions/Write</Permission>
> 	<Permission>http://saml.org/permissions/Delete</Permission>
> 	<Permission>http://someextension.test/sss</Permission>
> </Permissions>
> which has a corresponding schema of something like the following:
>         <xsd:element name="tns:Permissions" 
> type="tns:Permissions.type"/>
>         <xsd:simpleType name="Permission.type">
>                 <xsd:restriction base="xsd:uriReference"/>
>         </xsd:simpleType>
>         <xsd:complexType name="Permissions.type">
>                 <xsd:sequence>
>                         <xsd:element name="Permission" 
> 				type="tns:Permission.type" 
> 				maxOccurs="unbounded"/>
>                 </xsd:sequence>
>         </xsd:complexType>

Seems to me that namespaces are a better way to differentiate between saml
and non-saml permissions.  In my proposal, I listed 5 ways that I had tried
to do this with schema.  This is on page 12.  As an aside, I probably should
add this style as well.

My preference for permissions were one of the following

1. list of names,
<permissions>READ WRITE DELETE someext:sss</permissions> OR 
<permissions>READ WRITE DELETE sss</permissions>  

This doesn't work because the enumeration value space can't be extended.

2. namespaced elements, ie 
I can't recall why this didn't work.

Chris, any chance of you trying either of these methods?  I'm not a guru at
schema, so maybe I missed something.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC