OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: another attempt at azn query refinment

Title: another attempt at azn query refinment

I did not get response (negative or positive) to my previous message on azn query,
so here is another try.

Suppose we want to ask the question: What can I have for lunch today?
To rephrase: Can I have lunch today (yes/no) and if yes what is on the menu?

To answer, I propose to parameterize action element in authorization query:

<AuthorizationQuery resource="lunch">
        <Subject/>
        <Actions>
                <ParamAction ActionName="eat">
                        <Parameter name="appetizer"/>
                        <Parameter name="main"/>
                        <Parameter name="desert"/>
                <ParamAction>
        </Actions>
        <Evidence> my weight is 500 lb</Evidence>
</AuthorizationQuery>

<Response>
        <AssertionSimple>
                <AuthorizationStatement resource="lunch" decision="Permit">
                        <Subject/>
                        <Actions>
                                <ParamAction ActionName="eat">
                                        <Parameter name="appetizer">
                                                <ParameterValue>green salad</ParameterValue>
                                        </Parameter>
                                        <Parameter name="main">
                                                <ParameterValue>hamburger</ParameterValue>
                                        </Parameter>
                                        <Parameter name="desert">
                                                <ParameterValue>ice cream</ParameterValue>
                                        </Parameter>
                                </ParamAction>
                        </Actions>
                        <Evidence> my weight is 500 lb</Evidence>
                </AuthorizationStatement>
        </AssertionSimple>
</Response>


To support this schema modifications are minimal:
We can define ParamAction element and everywhere we allow Action now we can allow
choice of Action or ParamAction. We also need Parameter element which is similar to
Attribute element. (Attribute element could be reused by I'm not in favor of that)

<Actions>
        <sequence>
                <choice minOccurs="1" maxOccurs="unbounded">
                        <element ref="saml:Action"/>
                        <element ref="saml:ParamAction"/>
                </choice>
        </sequence>
</Actions>

<element name="ParamAction" type="saml:ParamActionType"/>
<complexType name="ParamActionType">
        <sequence>
                <element ref="saml:Parameter" minOccurs="0" maxOccurs="unbounded"/>
        </sequence>
        <attribute name="ActionName" type="string" use="required"/>
</complexType>

<element name="Parameter" type="saml:ParameterType"/>
<complexType name="ParameterType">
        < same as AttributeType >
</complexType>

Simon Godik
Crosslogix

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC