RE: [xacml] RE: policy model, part 1

[Polar Humenn <polar@syr.edu>]

On Thu, 21 Feb 2002, Carlisle Adams wrote:

> Hi Polar,
>
> > ----------
> > From: 	Polar Humenn[SMTP:polar@syr.edu]
> > Sent: 	Thursday, February 21, 2002 4:17 PM
> > To: 	Carlisle Adams
> > Cc: 	'xacml@lists.oasis-open.org'
> > Subject: 	Re: [xacml] RE: policy model, part 1
> >
> > On Tue, 19 Feb 2002, Carlisle Adams wrote:
> >
> > > A RuleStatement contains the following items.
> > >   - a RuleCore, which is a triple ("subject", "action", "resource"),
> > > although one or two of the components may be missing (meaning "any").
> >
> > I would still like to see place holders for that information, such as
> > <AnySubject/>, <AnyAction/>, <AnyResource/>, so that it is explicit in
> > what it means. You can lock in the positions in the syntax as well, which
> > might lead to easier processing.
>
> This is fine, although the syntax is probably a little bit uglier (e.g., the
> <subjects> element now needs to be a choice of PredicateExpressionType and
> <AnySubject/>, rather than simply a PredicateExpressionType that may have
> zero predicates (minOccurs="0")).


Yeah, but although the schema may be a bit more complicated, who cares?
It's a schema, not the use of the actual language.

If you end up with minOccurs=0, then you have to allow for the following
cases hunting around for them:

nil
S
S,A
S,R
S,A,R
A
A,R
R

And that is only if they are ordered as such S,A,R.

Although, I'm not up on my XML schemas, I would think that you could
create a SubjectPredicateExpressionType that was a choice of a
PredicateExpresstionType and <AnySubject/>.

That way, you *know* it is a predicate about a subject (resource,
action) by position and compile indexing functions much more easily.

Wouldn't it?

-Polar




>
> But I can live with either.
>
> Carlisle.
>
>