[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [xacml] Problem Statement for "Properties for new combining algorithms"
This is a concrete problem statement for the XACML 1.1 work item titled "Properties for new combining algorithms". While the spec provides extensible framework for access control policy, the current schema has very limited places to be used for specifying application-specific information in the policy. In other words, even if the local developer develops a new policy/rule combining algorithm to support their semantics, additional information with regard to the policy must be placed separately from the XACML policy. For example, when you need to consider some priority among rules, it would be reasonable to specify the priority number inside the XACML rule (or policy) element. For example, <Rule @priority="5"> and <Rule>...<priority>5</priority>...</Rule>. Current schema definition does no allow such attribute or element insertion. Possible ways are to put those information in <Description> element or to link such information using some meta information but they are very ad-hoc way. Therefore, XACML schema definition should be more flexible to support application-specific property definitions. Michiharu Kudo