Subject: syntax for variables and variable references

Hi Tim,

Schemas are mods of v2-1 schema from the proposal
http://lists.oasis-open.org/archives/xacml/200401/msg00035.html by
Michiharu (work item 7).

Syntax for variables and variable references.

Current variable syntax definition needs adjustment to account for the
<condition> element. I think we should allow variables in target matches
as well (not yet included). Two possible alternatives for variable syntax.

Alt a: <-- my preference
------
Drop <condition> element and replace it with the <apply> element. This
makes it easy to create variable def and ref. Note that <condition> and
<apply> are of the same type, so change is 'harmless'. The advantage of
this approach is simplicity. There is one element for variable definition
and one element for variable reference.

ex 1a: rule with top-level <apply>:

    <rule>
      <target>...</target>
      <apply funcid="string-equal">...</apply>
    </rule>

ex 2a: variable def is used in top-level apply:

    <var-def varid="cond1">
      <apply funcid="string-equal">...</apply>
    </var-def>
    <rule>
      <target>...</target>
      <var-ref varid="cond1"/>
    </rule>

For the rule to be valid, <var-ref> must resolve into <apply> element
(which it does). Note that the same variable definition can be reused in
top level <apply> and enclosed <apply> elements.

Alt b:
-------
Keep <condition> element. In addition to existing <variable-def> and
<variable-ref> elements create <cond-var-def> and <cond-var-ref> elements.
Then <cond-var-ref> is allowed as an alternative to <condition> in a rule.
In addition to having more syntactic elements, disadvantage of this
approach is that <cond-var-def> cannot be reused for <variable-def>.

ex 1b: The same as 2a but variable is defined for condition:

    <cond-def varid="cond1">
      <cond funcid="string-equal">...</cond>
    </cond-def>
    <rule>
      <target>...</target>
      <cond-ref varid="cond1"/>
    </rule>

Syntactic detail.
-----------------
Variable is defined with the <VariableDef> element. Type of the variable
defined by <VariableDef> is determined by the type of enclosed expression.
Name of the variable defined by <VariableDef> is the value of VariableId
attribute of type xs:string.

(By derivation from the apply-core-type) Variable definition can be
applied to any combination of <apply>, <function>, <attr-value>,
<subj-attr-desig>, <res-attr-desig>, <act-attr-desig>, <env-attr-desig>,
<attr-sel>, and <var-ref> elements.

    <xs:element name="VariableDef" type="xacml:VariableDefType"/>
    <xs:complexType name="VariableDefType">
      <xs:complexContent>
        <xs:extension base="xacml:ApplyCoreType">
          <xs:attribute name="VariableId" type="xs:string" use="required"/>
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>

VariableId - required. This is variable name.

Variable is dereferenced with the <VariableRef> element. Variable name
is defined by the value of VariableId attribute of type xs:string.

    <xs:element name="VariableRef" type="xacml:VariableRefType"/>
    <xs:complexType name="VariableRefType">
      <xs:attribute name="VariableId" type="xs:string"/>
    </xs:complexType>

VariableId - required. This is variable name. Must resolve to named
variable definition.

Alternative (a):
------------------------
Rule schema:

    <xs:complexType name="RuleType">
      <xs:sequence>
        <xs:element ref="xacml:Description" minOccurs="0"/>
        <xs:element ref="xacml:Target" minOccurs="0"/>
        <xs:choice>
          <xs:element ref="xacml:Apply"/>        <!-- change: <cond> replaced with <apply> -->
          <xs:element ref="xacml:VariableRef"/>  <!-- new: variable ref -->
        </xs:choice>
      </xs:sequence>
      <xs:attribute name="RuleId" type="xs:anyURI" use="required"/>
      <xs:attribute name="Effect" type="xacml:EffectType" use="required"/>
    </xs:complexType>

For the rule to be valid, <VariableRef> must resolve into <apply> element.

Sequence of <VariableDef> elements is included as a child of <Policy>
element following <PolicyDefaults> element.

Alternative (b).
------------------------------
Rule schema:

    <xs:complexType name="RuleType">
      <xs:sequence>
        <xs:element ref="xacml:Description" minOccurs="0"/>
        <xs:element ref="xacml:Target" minOccurs="0"/>
        <xs:choice>
          <xs:element ref="xacml:Condition"/>
          <xs:element ref="xacml:CondVarRef"/>  <!-- new: condition var reference -->
        </xs:choice>
      </xs:sequence>
      <xs:attribute name="RuleId" type="xs:anyURI" use="required"/>
      <xs:attribute name="Effect" type="xacml:EffectType" use="required"/>
    </xs:complexType>

<CondVarDef> defines condition variable. Condition variable can be used
only for conditions.

    <xs:element name="CondVarDef" type="xacml:CondVarDefType"/>
    <xs:complexType name="CondVarDefType">
      <xs:sequence>
        <xs:element ref="xacml:Condition"/>
      </xs:sequence>
      <xs:attribute name="VariableId" type="xs:string" use="required"/>
    </xs:complexType>

VariableId is a name of condition variable.

Condition variable reference is of <VariableRefType>:

    <xs:element name="CondVarRef" type="xacml:VariableRefType"/>

Condition variable reference must resolve to named condition variable.

Sequence of choices between <VariableDef> and <CondVarDef> elements is
included as a child of <Policy> element following <PolicyDefaults> element.

Simon
<?xml version="1.0" encoding="UTF-8"?> <xs:schema targetNamespace="urn:oasis:names:tc:xacml:1.0:policy" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xacml="urn:oasis:names:tc:xacml:1.0:policy" elementFormDefault="qualified" attributeFormDefault="unqualified"> <!-- --> <xs:element name="PolicySet" type="xacml:PolicySetType"/> <xs:complexType name="PolicySetType"> <xs:sequence> <xs:element ref="xacml:Description" minOccurs="0"/> <xs:element ref="xacml:PolicySetDefaults" minOccurs="0"/> <xs:element ref="xacml:Target"/> <xs:choice minOccurs="0" maxOccurs="unbounded"> <xs:element ref="xacml:PolicySet"/> <xs:element ref="xacml:Policy"/> <xs:element ref="xacml:PolicySetIdReference"/> <xs:element ref="xacml:PolicyIdReference"/> </xs:choice> <xs:element ref="xacml:Obligations" minOccurs="0"/> </xs:sequence> <xs:attribute name="PolicySetId" type="xs:anyURI" use="required"/> <xs:attribute name="PolicyCombiningAlgId" type="xs:anyURI" use="required"/> </xs:complexType> <!-- --> <xs:element name="PolicySetIdReference" type="xs:anyURI"/> <xs:element name="PolicyIdReference" type="xs:anyURI"/> <!-- --> <xs:element name="PolicySetDefaults" type="xacml:DefaultsType"/> <xs:element name="PolicyDefaults" type="xacml:DefaultsType"/> <xs:complexType name="DefaultsType"> <xs:sequence> <xs:choice> <xs:element ref="xacml:XPathVersion"/> </xs:choice> </xs:sequence> </xs:complexType> <!-- --> <xs:element name="XPathVersion" type="xs:anyURI"/> <!-- --> <xs:element name="Policy" type="xacml:PolicyType"/> <xs:complexType name="PolicyType"> <xs:sequence> <xs:element ref="xacml:Description" minOccurs="0"/> <xs:element ref="xacml:PolicyDefaults" minOccurs="0"/> <xs:choice minOccurs="0" maxOccurs="unbounded"> <xs:element ref="xacml:VariableDef"/> <xs:element ref="xacml:CondVarDef"/> </xs:choice> <xs:element ref="xacml:Target"/> <xs:element ref="xacml:Rule" minOccurs="0" maxOccurs="unbounded"/> <xs:element ref="xacml:Obligations" minOccurs="0"/> </xs:sequence> <xs:attribute name="PolicyId" 
type="xs:anyURI" use="required"/> <xs:attribute name="RuleCombiningAlgId" type="xs:anyURI" use="required"/> </xs:complexType> <xs:element name="Description" type="xs:string"/> <!-- --> <xs:element name="Rule" type="xacml:RuleType"/> <xs:complexType name="RuleType"> <xs:sequence> <xs:element ref="xacml:Description" minOccurs="0"/> <xs:element ref="xacml:Target" minOccurs="0"/> <xs:choice> <xs:element ref="xacml:Condition"/> <xs:element ref="xacml:CondVarRef"/> <!--xs:element ref="xacml:VariableRef"/--> </xs:choice> <!-- <xs:element ref="xacml:Condition" minOccurs="0"/> --> </xs:sequence> <xs:attribute name="RuleId" type="xs:anyURI" use="required"/> <xs:attribute name="Effect" type="xacml:EffectType" use="required"/> </xs:complexType> <!-- --> <xs:simpleType name="EffectType"> <xs:restriction base="xs:string"> <xs:enumeration value="Permit"/> <xs:enumeration value="Deny"/> </xs:restriction> </xs:simpleType> <!-- --> <xs:element name="Target" type="xacml:TargetType"/> <xs:complexType name="TargetType"> <xs:sequence> <xs:element ref="xacml:Subjects"/> <xs:element ref="xacml:Resources"/> <xs:element ref="xacml:Actions"/> </xs:sequence> </xs:complexType> <!-- --> <xs:element name="Subjects" type="xacml:SubjectsType"/> <xs:complexType name="SubjectsType"> <xs:choice> <xs:element ref="xacml:Subject" maxOccurs="unbounded"/> <xs:element ref="xacml:AnySubject"/> </xs:choice> </xs:complexType> <!-- --> <xs:element name="Subject" type="xacml:SubjectType"/> <xs:complexType name="SubjectType"> <xs:sequence> <xs:element ref="xacml:SubjectMatch" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> <!-- --> <xs:element name="AnySubject"/> <!-- --> <xs:element name="Resources" type="xacml:ResourcesType"/> <xs:complexType name="ResourcesType"> <xs:choice> <xs:element ref="xacml:Resource" maxOccurs="unbounded"/> <xs:element ref="xacml:AnyResource"/> </xs:choice> </xs:complexType> <!-- --> <xs:element name="AnyResource"/> <!-- --> <xs:element name="Resource" 
type="xacml:ResourceType"/> <xs:complexType name="ResourceType"> <xs:sequence> <xs:element ref="xacml:ResourceMatch" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> <!-- --> <xs:element name="Actions" type="xacml:ActionsType"/> <xs:complexType name="ActionsType"> <xs:choice> <xs:element ref="xacml:Action" maxOccurs="unbounded"/> <xs:element ref="xacml:AnyAction"/> </xs:choice> </xs:complexType> <!-- --> <xs:element name="AnyAction"/> <!-- --> <xs:element name="Action" type="xacml:ActionType"/> <xs:complexType name="ActionType"> <xs:sequence> <xs:element ref="xacml:ActionMatch" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> <!-- --> <xs:element name="SubjectMatch" type="xacml:SubjectMatchType"/> <xs:complexType name="SubjectMatchType"> <xs:sequence> <xs:element ref="xacml:AttributeValue"/> <xs:choice> <xs:element ref="xacml:SubjectAttributeDesignator"/> <xs:element ref="xacml:AttributeSelector"/> </xs:choice> </xs:sequence> <xs:attribute name="MatchId" type="xs:anyURI" use="required"/> </xs:complexType> <!-- --> <xs:element name="ResourceMatch" type="xacml:ResourceMatchType"/> <xs:complexType name="ResourceMatchType"> <xs:sequence> <xs:element ref="xacml:AttributeValue"/> <xs:choice> <xs:element ref="xacml:ResourceAttributeDesignator"/> <xs:element ref="xacml:AttributeSelector"/> </xs:choice> </xs:sequence> <xs:attribute name="MatchId" type="xs:anyURI" use="required"/> </xs:complexType> <!-- --> <xs:element name="ActionMatch" type="xacml:ActionMatchType"/> <xs:complexType name="ActionMatchType"> <xs:sequence> <xs:element ref="xacml:AttributeValue"/> <xs:choice> <xs:element ref="xacml:ActionAttributeDesignator"/> <xs:element ref="xacml:AttributeSelector"/> </xs:choice> </xs:sequence> <xs:attribute name="MatchId" type="xs:anyURI" use="required"/> </xs:complexType> <!-- --> <xs:element name="AttributeSelector" type="xacml:AttributeSelectorType"/> <xs:complexType name="AttributeSelectorType"> <xs:attribute name="RequestContextPath" type="xs:string" 
use="required"/> <xs:attribute name="DataType" type="xs:anyURI" use="required"/> <xs:attribute name="MustBePresent" type="xs:boolean" use="optional" default="false"/> </xs:complexType> <!-- --> <xs:element name="ResourceAttributeDesignator" type="xacml:AttributeDesignatorType"/> <xs:element name="ActionAttributeDesignator" type="xacml:AttributeDesignatorType"/> <xs:element name="EnvironmentAttributeDesignator" type="xacml:AttributeDesignatorType"/> <!-- --> <xs:complexType name="AttributeDesignatorType"> <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/> <xs:attribute name="DataType" type="xs:anyURI" use="required"/> <xs:attribute name="Issuer" type="xs:string" use="optional"/> <xs:attribute name="MustBePresent" type="xs:boolean" use="optional" default="false"/> </xs:complexType> <!-- --> <xs:element name="SubjectAttributeDesignator" type="xacml:SubjectAttributeDesignatorType"/> <xs:complexType name="SubjectAttributeDesignatorType"> <xs:complexContent> <xs:extension base="xacml:AttributeDesignatorType"> <xs:attribute name="SubjectCategory" type="xs:anyURI" use="optional" default="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"/> </xs:extension> </xs:complexContent> </xs:complexType> <!-- --> <xs:element name="AttributeValue" type="xacml:AttributeValueType"/> <xs:complexType name="AttributeValueType" mixed="true"> <xs:sequence> <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="DataType" type="xs:anyURI" use="required"/> <xs:anyAttribute namespace="##any" processContents="lax"/> </xs:complexType> <!-- --> <xs:element name="Function" type="xacml:FunctionType"/> <xs:complexType name="FunctionType"> <xs:attribute name="FunctionId" type="xs:anyURI" use="required"/> </xs:complexType> <!-- --> <xs:element name="Apply" type="xacml:ApplyType"/> <xs:element name="Condition" type="xacml:ApplyType"/> <!-- --> <xs:complexType name="ApplyType"> <xs:complexContent> <xs:extension 
base="xacml:ApplyCoreType"> <xs:attribute name="FunctionId" type="xs:anyURI" use="required"/> </xs:extension> </xs:complexContent> </xs:complexType> <!-- --> <xs:complexType name="ApplyCoreType"> <xs:choice minOccurs="0" maxOccurs="unbounded"> <xs:element ref="xacml:Apply"/> <xs:element ref="xacml:Function"/> <xs:element ref="xacml:AttributeValue"/> <xs:element ref="xacml:SubjectAttributeDesignator"/> <xs:element ref="xacml:ResourceAttributeDesignator"/> <xs:element ref="xacml:ActionAttributeDesignator"/> <xs:element ref="xacml:EnvironmentAttributeDesignator"/> <xs:element ref="xacml:AttributeSelector"/> <xs:element ref="xacml:VariableRef"/> </xs:choice> <!-- Legal types for the first and subsequent operands are defined in the accompanying table --> </xs:complexType> <!-- --> <xs:element name="Obligations" type="xacml:ObligationsType"/> <xs:complexType name="ObligationsType"> <xs:sequence> <xs:element ref="xacml:Obligation" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> <!-- --> <xs:element name="Obligation" type="xacml:ObligationType"/> <xs:complexType name="ObligationType"> <xs:sequence> <xs:element ref="xacml:AttributeAssignment" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="ObligationId" type="xs:anyURI" use="required"/> <xs:attribute name="FulfillOn" type="xacml:EffectType" use="required"/> </xs:complexType> <!-- --> <xs:element name="AttributeAssignment" type="xacml:AttributeAssignmentType"/> <xs:complexType name="AttributeAssignmentType" mixed="true"> <xs:complexContent mixed="true"> <xs:extension base="xacml:AttributeValueType"> <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/> </xs:extension> </xs:complexContent> </xs:complexType> <!-- --> <xs:element name="VariableDef" type="xacml:VariableDefType"/> <xs:complexType name="VariableDefType"> <xs:complexContent> <xs:extension base="xacml:ApplyCoreType"> <xs:attribute name="VariableId" type="xs:string" use="required"/> </xs:extension> </xs:complexContent> 
</xs:complexType> <!-- --> <xs:element name="VariableRef" type="xacml:VariableRefType"/> <xs:complexType name="VariableRefType"> <xs:attribute name="VariableId" type="xs:string"/> </xs:complexType> <!-- --> <xs:element name="CondVarDef" type="xacml:CondVarDefType"/> <xs:complexType name="CondVarDefType"> <xs:sequence> <xs:element ref="xacml:Condition"/> </xs:sequence> <xs:attribute name="VariableId" type="xs:string" use="required"/> </xs:complexType> <!-- --> <xs:element name="CondVarRef" type="xacml:VariableRefType"/> <!-- --> </xs:schema>
<?xml version="1.0" encoding="UTF-8"?> <xs:schema targetNamespace="urn:oasis:names:tc:xacml:1.0:policy" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xacml="urn:oasis:names:tc:xacml:1.0:policy" elementFormDefault="qualified" attributeFormDefault="unqualified"> <!-- --> <xs:element name="PolicySet" type="xacml:PolicySetType"/> <xs:complexType name="PolicySetType"> <xs:sequence> <xs:element ref="xacml:Description" minOccurs="0"/> <xs:element ref="xacml:PolicySetDefaults" minOccurs="0"/> <xs:element ref="xacml:Target"/> <xs:choice minOccurs="0" maxOccurs="unbounded"> <xs:element ref="xacml:PolicySet"/> <xs:element ref="xacml:Policy"/> <xs:element ref="xacml:PolicySetIdReference"/> <xs:element ref="xacml:PolicyIdReference"/> </xs:choice> <xs:element ref="xacml:Obligations" minOccurs="0"/> </xs:sequence> <xs:attribute name="PolicySetId" type="xs:anyURI" use="required"/> <xs:attribute name="PolicyCombiningAlgId" type="xs:anyURI" use="required"/> </xs:complexType> <!-- --> <xs:element name="PolicySetIdReference" type="xs:anyURI"/> <xs:element name="PolicyIdReference" type="xs:anyURI"/> <!-- --> <xs:element name="PolicySetDefaults" type="xacml:DefaultsType"/> <xs:element name="PolicyDefaults" type="xacml:DefaultsType"/> <xs:complexType name="DefaultsType"> <xs:sequence> <xs:choice> <xs:element ref="xacml:XPathVersion"/> </xs:choice> </xs:sequence> </xs:complexType> <!-- --> <xs:element name="XPathVersion" type="xs:anyURI"/> <!-- --> <xs:element name="Policy" type="xacml:PolicyType"/> <xs:complexType name="PolicyType"> <xs:sequence> <xs:element ref="xacml:Description" minOccurs="0"/> <xs:element ref="xacml:PolicyDefaults" minOccurs="0"/> <xs:element ref="xacml:VariableDef" minOccurs="0" maxOccurs="unbounded"/> <xs:element ref="xacml:Target"/> <xs:element ref="xacml:Rule" minOccurs="0" maxOccurs="unbounded"/> <xs:element ref="xacml:Obligations" minOccurs="0"/> </xs:sequence> <xs:attribute name="PolicyId" type="xs:anyURI" use="required"/> <xs:attribute 
name="RuleCombiningAlgId" type="xs:anyURI" use="required"/> </xs:complexType> <xs:element name="Description" type="xs:string"/> <!-- --> <xs:element name="Rule" type="xacml:RuleType"/> <xs:complexType name="RuleType"> <xs:sequence> <xs:element ref="xacml:Description" minOccurs="0"/> <xs:element ref="xacml:Target" minOccurs="0"/> <xs:choice> <xs:element ref="xacml:Apply"/> <xs:element ref="xacml:VariableRef"/> <!--xs:element ref="xacml:Condition"/--> </xs:choice> <!-- <xs:element ref="xacml:Condition" minOccurs="0"/> --> </xs:sequence> <xs:attribute name="RuleId" type="xs:anyURI" use="required"/> <xs:attribute name="Effect" type="xacml:EffectType" use="required"/> </xs:complexType> <!-- --> <xs:simpleType name="EffectType"> <xs:restriction base="xs:string"> <xs:enumeration value="Permit"/> <xs:enumeration value="Deny"/> </xs:restriction> </xs:simpleType> <!-- --> <xs:element name="Target" type="xacml:TargetType"/> <xs:complexType name="TargetType"> <xs:sequence> <xs:element ref="xacml:Subjects"/> <xs:element ref="xacml:Resources"/> <xs:element ref="xacml:Actions"/> </xs:sequence> </xs:complexType> <!-- --> <xs:element name="Subjects" type="xacml:SubjectsType"/> <xs:complexType name="SubjectsType"> <xs:choice> <xs:element ref="xacml:Subject" maxOccurs="unbounded"/> <xs:element ref="xacml:AnySubject"/> </xs:choice> </xs:complexType> <!-- --> <xs:element name="Subject" type="xacml:SubjectType"/> <xs:complexType name="SubjectType"> <xs:sequence> <xs:element ref="xacml:SubjectMatch" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> <!-- --> <xs:element name="AnySubject"/> <!-- --> <xs:element name="Resources" type="xacml:ResourcesType"/> <xs:complexType name="ResourcesType"> <xs:choice> <xs:element ref="xacml:Resource" maxOccurs="unbounded"/> <xs:element ref="xacml:AnyResource"/> </xs:choice> </xs:complexType> <!-- --> <xs:element name="AnyResource"/> <!-- --> <xs:element name="Resource" type="xacml:ResourceType"/> <xs:complexType name="ResourceType"> 
<xs:sequence> <xs:element ref="xacml:ResourceMatch" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> <!-- --> <xs:element name="Actions" type="xacml:ActionsType"/> <xs:complexType name="ActionsType"> <xs:choice> <xs:element ref="xacml:Action" maxOccurs="unbounded"/> <xs:element ref="xacml:AnyAction"/> </xs:choice> </xs:complexType> <!-- --> <xs:element name="AnyAction"/> <!-- --> <xs:element name="Action" type="xacml:ActionType"/> <xs:complexType name="ActionType"> <xs:sequence> <xs:element ref="xacml:ActionMatch" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> <!-- --> <xs:element name="SubjectMatch" type="xacml:SubjectMatchType"/> <xs:complexType name="SubjectMatchType"> <xs:sequence> <xs:choice> <xs:element ref="xacml:AttributeValue"/> </xs:choice> <xs:choice> <xs:element ref="xacml:SubjectAttributeDesignator"/> <xs:element ref="xacml:AttributeSelector"/> </xs:choice> </xs:sequence> <xs:attribute name="MatchId" type="xs:anyURI" use="required"/> </xs:complexType> <!-- --> <xs:element name="ResourceMatch" type="xacml:ResourceMatchType"/> <xs:complexType name="ResourceMatchType"> <xs:sequence> <xs:element ref="xacml:AttributeValue"/> <xs:choice> <xs:element ref="xacml:ResourceAttributeDesignator"/> <xs:element ref="xacml:AttributeSelector"/> </xs:choice> </xs:sequence> <xs:attribute name="MatchId" type="xs:anyURI" use="required"/> </xs:complexType> <!-- --> <xs:element name="ActionMatch" type="xacml:ActionMatchType"/> <xs:complexType name="ActionMatchType"> <xs:sequence> <xs:element ref="xacml:AttributeValue"/> <xs:choice> <xs:element ref="xacml:ActionAttributeDesignator"/> <xs:element ref="xacml:AttributeSelector"/> </xs:choice> </xs:sequence> <xs:attribute name="MatchId" type="xs:anyURI" use="required"/> </xs:complexType> <!-- --> <xs:element name="AttributeSelector" type="xacml:AttributeSelectorType"/> <xs:complexType name="AttributeSelectorType"> <xs:attribute name="RequestContextPath" type="xs:string" use="required"/> <xs:attribute 
name="DataType" type="xs:anyURI" use="required"/> <xs:attribute name="MustBePresent" type="xs:boolean" use="optional" default="false"/> </xs:complexType> <!-- --> <xs:element name="ResourceAttributeDesignator" type="xacml:AttributeDesignatorType"/> <xs:element name="ActionAttributeDesignator" type="xacml:AttributeDesignatorType"/> <xs:element name="EnvironmentAttributeDesignator" type="xacml:AttributeDesignatorType"/> <!-- --> <xs:complexType name="AttributeDesignatorType"> <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/> <xs:attribute name="DataType" type="xs:anyURI" use="required"/> <xs:attribute name="Issuer" type="xs:string" use="optional"/> <xs:attribute name="MustBePresent" type="xs:boolean" use="optional" default="false"/> </xs:complexType> <!-- --> <xs:element name="SubjectAttributeDesignator" type="xacml:SubjectAttributeDesignatorType"/> <xs:complexType name="SubjectAttributeDesignatorType"> <xs:complexContent> <xs:extension base="xacml:AttributeDesignatorType"> <xs:attribute name="SubjectCategory" type="xs:anyURI" use="optional" default="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"/> </xs:extension> </xs:complexContent> </xs:complexType> <!-- --> <xs:element name="AttributeValue" type="xacml:AttributeValueType"/> <xs:complexType name="AttributeValueType" mixed="true"> <xs:sequence> <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="DataType" type="xs:anyURI" use="required"/> <xs:anyAttribute namespace="##any" processContents="lax"/> </xs:complexType> <!-- --> <xs:element name="Function" type="xacml:FunctionType"/> <xs:complexType name="FunctionType"> <xs:attribute name="FunctionId" type="xs:anyURI" use="required"/> </xs:complexType> <!-- --> <xs:element name="Apply" type="xacml:ApplyType"/> <!--xs:element name="Condition" type="xacml:ApplyType"/--> <!-- --> <xs:complexType name="ApplyType"> <xs:complexContent> <xs:extension base="xacml:ApplyCoreType"> 
<xs:attribute name="FunctionId" type="xs:anyURI" use="required"/> </xs:extension> </xs:complexContent> </xs:complexType> <!-- --> <xs:complexType name="ApplyCoreType"> <xs:choice minOccurs="0" maxOccurs="unbounded"> <xs:element ref="xacml:Apply"/> <xs:element ref="xacml:Function"/> <xs:element ref="xacml:AttributeValue"/> <xs:element ref="xacml:SubjectAttributeDesignator"/> <xs:element ref="xacml:ResourceAttributeDesignator"/> <xs:element ref="xacml:ActionAttributeDesignator"/> <xs:element ref="xacml:EnvironmentAttributeDesignator"/> <xs:element ref="xacml:AttributeSelector"/> <xs:element ref="xacml:VariableRef"/> </xs:choice> <!-- Legal types for the first and subsequent operands are defined in the accompanying table --> </xs:complexType> <!-- --> <xs:element name="Obligations" type="xacml:ObligationsType"/> <xs:complexType name="ObligationsType"> <xs:sequence> <xs:element ref="xacml:Obligation" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> <!-- --> <xs:element name="Obligation" type="xacml:ObligationType"/> <xs:complexType name="ObligationType"> <xs:sequence> <xs:element ref="xacml:AttributeAssignment" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="ObligationId" type="xs:anyURI" use="required"/> <xs:attribute name="FulfillOn" type="xacml:EffectType" use="required"/> </xs:complexType> <!-- --> <xs:element name="AttributeAssignment" type="xacml:AttributeAssignmentType"/> <xs:complexType name="AttributeAssignmentType" mixed="true"> <xs:complexContent mixed="true"> <xs:extension base="xacml:AttributeValueType"> <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/> </xs:extension> </xs:complexContent> </xs:complexType> <!-- --> <xs:element name="VariableDef" type="xacml:VariableDefType"/> <xs:complexType name="VariableDefType"> <xs:complexContent> <xs:extension base="xacml:ApplyCoreType"> <xs:attribute name="VariableId" type="xs:string" use="required"/> </xs:extension> </xs:complexContent> </xs:complexType> <!-- --> <xs:element 
name="VariableRef" type="xacml:VariableRefType"/> <xs:complexType name="VariableRefType"> <xs:attribute name="VariableId" type="xs:string"/> </xs:complexType> <!-- --> </xs:schema>
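Added example, not part of the original message or of any XACML TC code: the alternative (a) schema cannot express that a <VariableRef> "must resolve to named variable definition" or that a rule-level reference "must resolve into <apply>", so a policy loader has to check both itself, along with reference cycles. The sample policies, the `urn:example:` identifiers, the function names and the one-expression-per-definition reading of <VariableDef> are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:1.0:policy"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"


def q(name):
    """Qualify an element name with the policy namespace."""
    return f"{{{NS}}}{name}"


def check_variables(policy_xml):
    """Return a sorted list of variable problems in an alternative (a) policy."""
    policy = ET.fromstring(policy_xml)
    problems, defs, done = set(), {}, set()
    for d in policy.findall(q("VariableDef")):
        if d.get("VariableId") in defs:
            problems.add(f"duplicate definition: {d.get('VariableId')}")
        defs[d.get("VariableId")] = d
    # Dependency graph: variable -> variables referenced anywhere in its body.
    deps = {v: [r.get("VariableId") for r in d.iter(q("VariableRef"))]
            for v, d in defs.items()}

    def visit(var_id, path):
        """Depth-first walk that reports dangling references and cycles."""
        if var_id in done:
            return
        if var_id not in defs:
            problems.add(f"unresolved reference: {var_id}")
        elif var_id in path:
            cycle = path[path.index(var_id):] + [var_id]
            problems.add("cycle: " + " -> ".join(cycle))
        else:
            for dep in deps[var_id]:
                visit(dep, path + [var_id])
            done.add(var_id)

    def terminal(var_id):
        """Follow ref-to-ref chains; return the child tags finally named."""
        seen = set()
        while var_id in defs and var_id not in seen:
            seen.add(var_id)
            body = list(defs[var_id])
            if len(body) == 1 and body[0].tag == q("VariableRef"):
                var_id = body[0].get("VariableId")
            else:
                return [child.tag for child in body]
        return None  # dangling or cyclic: already reported by visit()

    for var_id in defs:
        visit(var_id, [])
    for rule in policy.findall(q("Rule")):
        for ref in rule.iter(q("VariableRef")):
            visit(ref.get("VariableId"), [])
        top = rule.find(q("VariableRef"))  # direct child of <Rule> only
        if top is not None:
            tags = terminal(top.get("VariableId"))
            if tags is not None and tags != [q("Apply")]:
                problems.add(f"rule {rule.get('RuleId')}: "
                             f"{top.get('VariableId')} does not resolve to <Apply>")
    return sorted(problems)


def make_policy(defs, rules):
    """Wrap constructed definitions and rules in a minimal <Policy>."""
    return (f'<Policy xmlns="{NS}" PolicyId="urn:example:p" '
            'RuleCombiningAlgId="urn:example:alg">' + defs +
            "<Target><Subjects><AnySubject/></Subjects><Resources><AnyResource/>"
            "</Resources><Actions><AnyAction/></Actions></Target>" + rules +
            "</Policy>")


# Constructed samples; operands are omitted as in the message's "..." examples.
GOOD = make_policy(
    f'<VariableDef VariableId="cond1"><Apply FunctionId="{STRING_EQUAL}"/></VariableDef>'
    '<VariableDef VariableId="alias"><VariableRef VariableId="cond1"/></VariableDef>',
    '<Rule RuleId="urn:example:r1" Effect="Permit"><VariableRef VariableId="alias"/></Rule>')
BAD = make_policy(
    '<VariableDef VariableId="loop1"><Apply FunctionId="urn:example:f">'
    '<VariableRef VariableId="loop2"/></Apply></VariableDef>'
    '<VariableDef VariableId="loop2"><VariableRef VariableId="loop1"/></VariableDef>'
    '<VariableDef VariableId="name"><AttributeValue '
    'DataType="http://www.w3.org/2001/XMLSchema#string">x</AttributeValue></VariableDef>',
    '<Rule RuleId="urn:example:r1" Effect="Permit"><VariableRef VariableId="name"/></Rule>'
    '<Rule RuleId="urn:example:r2" Effect="Deny"><VariableRef VariableId="missing"/></Rule>')
```

A loader that refuses any policy for which `check_variables` returns a non-empty list fails closed at load time instead of meeting a dangling or cyclic reference during evaluation.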