[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] item "G" alternative: indexing hints
I think <Target> is indicating that the attribute can be indexed.
So your suggestion seems to be duplicating with the current semantics of
<Target>.
Michiharu Kudo
"Simon Godik"
<simon.godik@over To: <xacml@lists.oasis-open.org>
xeer.com> cc:
Subject: [xacml] item "G" alternative: indexing hints
2003/06/12 17:09
Item "G" aims to solve indexing problem by creating new element in the rule
head.
A simple alternative would be to provide indexing hints in the Policy
element.
We can define IndexingHints element as a child of the Policy element.
It would contain a sequence of attribute designators for indexing.
<xs:complexType name="IndexingHintsType">
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:choice>
<xs:element ref="xacml:SubjectAttributeDesignator"/>
<xs:element ref="xacml:ResourceAttributeDesignator"/>
<xs:element ref="xacml:ActionAttributeDesignator"/>
<xs:element ref="xacml:EnvironmentAttributeDesignator"/>
</xs:choice>
</xs:sequence>
</xs:complexType>
<Policy ...>
<IndexingHints>
<SubjectAttributeDesignator AttributeId="group" .../>
<ActionAttributeDesignator AttributeId="read" .../>
<EnvironmentAttributeDesignator AttributeId="purpose" .../>
</IndexingHints>
</Policy>
If rule contains indexable expression on an attribute specified in the
indexing hints, rule MAY be indexed.
Indexing rules is not a MUST, ie if xacml processor does not index rules it
is still compliant (but not very fast) processor.
Simon
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]