[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] 1.1 Work Item: Detailed proposal for ConditionIdReference
Hi, Anne What you are suggesting is that using RuleReference can represent ConditionReference (in my proposal) if the specification level is one-level moved up to PolicySet level from Policy level? For example, the following policy specification using ConditionReference <Policy> <Condition Id="Cond1">expression1</Condition> <Target>Z</Target> <Rule> <Target>A</Target> <ConditionReference>Cond1 </Rule> <Rule> <Target>B</Target> <ConditionReference>Cond1 </Rule> </Policy> can be represented as: <PolicySet> <Rule Id="Rule1">rule 1(Target is ANY, includes only Cond1)</Rule> <Target>Z</Target> <Policy> <Target>A</Target> <RuleReference>rule1</RuleReference> </Policy> <Policy> <Target>B</Target> <RuleReference>rule1</RuleReference> </Policy> </PolicySet> Is this correct? Michiharu Anne Anderson <Anne.Anderson@Su To: XACML TC <xacml@lists.oasis-open.org> n.com> cc: Subject: [xacml] 1.1 Work Item: Detailed proposal for ConditionIdReference 2003/05/29 23:57 Please respond to Anne.Anderson The following message contains Michiharu's detailed proposal for implementing a ConditionIdReference: http://lists.oasis-open.org/archives/xacml/200304/msg00039.html The motivation is that a policy writer may have a common Condition statement that then needs to be included in various different Rules that have various Targets. I believe this can be accomplished using RuleIdReferences (another proposed 1.1 work item): define a Rule that has an "Any" Target and include the desired Condition in that Rule. Now, define a Policy for each of the various Targets, and include a reference to this common Rule in each (rather than spelling out the same Rule with the same Condition). Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692 You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]