

Subject: [xacml] Information element in the policy schema


I have a suggestion about including an <Information> element in the
policy. When you extend the core algorithm by using a local algorithm, that
algorithm may need to refer to some local information (e.g. the precedence of
the rule, specified in the policy) when making a decision. But I think there
is no place to specify such local information in the current policy schema.
There is a <Description> element, but I think it should be used for English
text. So I would like to add an <Information> element below <Rule>,
<Obligation>, <PolicyStatement>, and <PolicySetStatement>. I am OK with
another name if it has a similar meaning. For your information, the new schema
fragments are:

<!-- Global declaration of the proposed Information element. Other types
     pull it in with ref="xacml:Information"; its content model is
     xacml:InformationType. -->
<xs:element
    name="Information"
    type="xacml:InformationType"/>

<!--
  InformationType: open container for policy-local data.

  Content: zero or more child elements from any namespace, plus any
  attributes from any namespace.

  NOTE(review): processContents="lax" validates a child or attribute only
  when the processor can find a declaration for it; anything else is
  accepted unchecked. This schema therefore places no constraint on the
  data. A local combining algorithm that reads it for an access decision
  should validate what it consumes against its own schema and fail safe
  on content it does not recognise.
  NOTE(review): presumably a PDP that lacks the local algorithm does not
  interpret this content. Confirm how such a PDP is expected to evaluate
  a policy that carries it.
-->
<xs:complexType name="InformationType">
  <xs:sequence>
    <xs:any namespace="##any"
            processContents="lax"
            minOccurs="0"
            maxOccurs="unbounded"/>
  </xs:sequence>
  <xs:anyAttribute namespace="##any"
                   processContents="lax"/>
</xs:complexType>

<!--
  RuleType: content model of a rule.

  Children, in order, each optional and at most once:
  Description, Information, Target, Condition.
  Required attributes: RuleId (anyURI) and Effect (xacml:EffectType).
-->
<xs:complexType name="RuleType">
  <xs:sequence>
    <!-- Free-text description. -->
    <xs:element name="Description" type="xs:string" minOccurs="0"/>
    <!-- Proposed slot for policy-local data, placed directly after
         Description. -->
    <xs:element ref="xacml:Information" minOccurs="0"/>
    <xs:element name="Target" type="xacml:TargetType" minOccurs="0"/>
    <xs:element name="Condition" type="xacml:ConditionType" minOccurs="0"/>
  </xs:sequence>
  <xs:attribute name="RuleId" type="xs:anyURI" use="required"/>
  <xs:attribute name="Effect" type="xacml:EffectType" use="required"/>
</xs:complexType>

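<!--
  ObligationType: content model of an obligation.

  Children, in order: an optional Information element, then one or more
  of AttributeDesignator / AttributeAssignment in any mix.
  Required attributes: ObligationId (anyURI) and FulfilOn
  (xacml:EffectType).

  Fix: the fragment as posted put xs:element directly under
  xs:complexType, next to xs:choice. XML Schema allows only one model
  group (sequence, choice, all or group) as the content particle of a
  complexType, so that form is not a valid schema. Wrapping both
  particles in xs:sequence keeps the intended order (Information first,
  then the choice) and matches how the other types place Information.
-->
<xs:complexType name="ObligationType">
  <xs:sequence>
    <!-- Proposed slot for policy-local data; optional, at most once. -->
    <xs:element ref="xacml:Information" minOccurs="0"/>
    <xs:choice maxOccurs="unbounded">
      <xs:element ref="xacml:AttributeDesignator"/>
      <xs:element name="AttributeAssignment" type="xacml:AttributeAssignmentType"/>
    </xs:choice>
  </xs:sequence>
  <xs:attribute name="ObligationId" type="xs:anyURI" use="required"/>
  <xs:attribute name="FulfilOn" type="xacml:EffectType" use="required"/>
</xs:complexType>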

<!--
  PolicySetStatementType: extends saml:StatementAbstractType.

  Children, in order: Description (optional), Information (optional),
  Target (required), PolicySet (one or more), Obligations (optional).
  Required attributes: PolicySetId and PolicyCombiningAlgId (both anyURI).
-->
<xs:complexType name="PolicySetStatementType">
  <xs:complexContent>
    <xs:extension base="saml:StatementAbstractType">
      <xs:sequence>
        <xs:element name="Description" type="xs:string" minOccurs="0"/>
        <!-- Proposed slot for policy-local data, placed directly after
             Description. -->
        <xs:element ref="xacml:Information" minOccurs="0"/>
        <xs:element name="Target" type="xacml:TargetType"/>
        <xs:element name="PolicySet" type="xacml:PolicySetType" maxOccurs="unbounded"/>
        <xs:element name="Obligations" type="xacml:ObligationsType" minOccurs="0"/>
      </xs:sequence>
      <xs:attribute name="PolicySetId" type="xs:anyURI" use="required"/>
      <xs:attribute name="PolicyCombiningAlgId" type="xs:anyURI" use="required"/>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>

<!--
  PolicyStatementType: extends saml:StatementAbstractType.

  Children, in order: Description (optional), Information (optional),
  Target (required), RuleSet (one or more), Obligations (optional).
  Required attributes: PolicyId and RuleCombiningAlgId (both anyURI).
-->
<xs:complexType name="PolicyStatementType">
  <xs:complexContent>
    <xs:extension base="saml:StatementAbstractType">
      <xs:sequence>
        <xs:element name="Description" type="xs:string" minOccurs="0"/>
        <!-- Proposed slot for policy-local data, placed directly after
             Description. -->
        <xs:element ref="xacml:Information" minOccurs="0"/>
        <xs:element name="Target" type="xacml:TargetType"/>
        <xs:element name="RuleSet" type="xacml:RuleSetType" maxOccurs="unbounded"/>
        <xs:element name="Obligations" type="xacml:ObligationsType" minOccurs="0"/>
      </xs:sequence>
      <xs:attribute name="PolicyId" type="xs:anyURI" use="required"/>
      <xs:attribute name="RuleCombiningAlgId" type="xs:anyURI" use="required"/>
    </xs:extension>
  </xs:complexContent>
</xs:complexType>

Michiharu Kudo

IBM Tokyo Research Laboratory, Internet Technology
Tel. +81 (46) 215-4642   Fax +81 (46) 273-7428





