[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] [CR#0143][text, schema change] 6.15 status detail formats:missing-attribute
In response to my action item to provide missing-attribute
StatusDetail schema fragment for the context schema, here is my proposal:
<xs:element name="MissingAttributeStatusDetail"
type="xacml-context:MissingAttributeStatusDetailType"/>
<xs:complexType name="MissingAttributeStatusDetailType">
<xs:sequence>
<xs:choice>
<xs:element ref="xacml:CategorizedSubjectAttributeDesignator"/>
<xs:element ref="xacml:SubjectAttributeDesignator"/>
<xs:element ref="xacml:QualifiedSubjectAttributeDesignator"/>
<xs:element ref="xacml:ResourceAttributeDesignator"/>
<xs:element ref="xacml:ActionAttributeDesignator"/>
<xs:element ref="xacml:EnvironmentAttributeDesignator"/>
<xs:element ref="xacml:AttributeSelector"/y>
</xs:choice>
<xs:element ref="xacml-context:AttributeValue" minOccurs="0"/>
</xs:complexType>
Note that StatusDetail is defined to take a sequence of xs:any
with minOccurs="0" and maxOccurs="unbounded". So if the PDP
wants to return information about more than one missing
attribute, it can use a StatusDetail element containing multiple
instances of the above schema fragment.
I use the xacml-context definition of AttributeValue because it
does not include DataType. If we use the xacml-policy
definition, then DataType will be specified in both the
AttributeDesignator/Selector AND in the AttributeValue.
Anne
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC