OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml] xacml combiner alg extension points






Hi, Polar

>As long as it is understood that the above approach is just one approach,
>depending on how you define your combining algorithm.

I agree.

>In general is another valid approach.
>Are we agreed?

also agree.

>  <CombinerParameters>
>    <CombinerParameter ParameterName="priority">
>       <AttributeValue DataType="....#integer">10</AttributeValue>
>    </CombinerParameter>
>  </CombinerParameters>

I think typed parameter is better.
How about borrowing syntax for general attribute?

<CombinerParameters>
  <Attribute AttributeId="priority">
    <AttributeValue DataType="...#integer>10</AttributeValue>
  </Attribute>
</CombinerParameters>

Best,
Michiharu



                                                                           
             Polar Humenn                                                  
             <polar@syr.edu>                                               
                                                                        To 
             2004/02/04 01:15          Michiharu Kudoh/Japan/IBM@IBMJP     
                                                                        cc 
                                       Simon Godik                         
                                       <simon.godik@overxeer.com>,         
                                       xacml@lists.oasis-open.org          
                                                                   Subject 
                                       Re: [xacml] xacml combiner alg      
                                       extension points                    
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           





On Tue, 3 Feb 2004, Michiharu Kudoh wrote:

> Hi, Polar, Simon
>
> Is the following example what you are suggesting?
>
> <Policy algid="priority-rule-combo-algo">
>   <CombinerParameters>
>     <CombinerParameter ParameterName="priority">10
>     </CombinerParameter>
>     <CombinerParameter ParameterName="priority">5
>     </CombinerParameter>
>   </CombinerParameters>
>   <Rule effect="permit">... rule 1...</Rule>
>   <Rule effect="permit">... rule 2 ...</Rule>
> </Policy>
>
> (The first rule has priority 10 and the second rule has priority 5)
> If so, this would satisfy my requirements.

As long as it is understood that the above approach is just one approach,
depending on how you define your combining algorithm.

<Policy algid="priority-rule-combo-algo2">
  <CombinerParameters>
    <CombinerParameter ParameterName="priority">10
    </CombinerParameter>
  </CombinerParameters>
  <Rule effect="permit">... rule 1...</Rule>
  <CombinerParameters>
    <CombinerParameter ParameterName="priority">5
    </CombinerParameter>
  </CombinerParameters>
  <Rule effect="permit">... rule 2 ...</Rule>
</Policy>

In general is another valid approach.
Are we agreed?

A syntax clarification related to types. Must a CombinerParameter of a
integer value represented as an AttributeValue? Sucb as:

  <CombinerParameters>
    <CombinerParameter ParameterName="priority">
       <AttributeValue DataType="....#integer">10</AttributeValue>
    </CombinerParameter>
  </CombinerParameters>

Should they be allowed to be expressions?

Cheers,
-Polar

>
> Best,
> Michiharu
>
>
>
>
>              "Simon Godik"
>              <simon.godik@over
>              xeer.com>
To
>                                        <xacml@lists.oasis-open.org>
>              2004/02/03 16:28
cc
>
>
Subject
>                                        [xacml] xacml combiner alg
>                                        extension points
>
>
>
>
>
>
>
>
>
>
> xacml extension points proposal.
>
> Polar pointed out that previous xacml extension proposal is somewhat
> misleading with it's use of
> @MustUnderstand attribute and where parameters are interpreted.
>
> Here is cleaned up version, hopefully.
>
> Proposal:
>
> Allow element of type <xacml:CombinerParametersType> as an optional child
> of <xacml:PolicySet> and <xacml:Policy> elements.
> <xacml:CombinerParameters> element contains a list of parameters specific
> to the enclosing combining algorithm. Combiner parameters are input to
the
> combining algorithm only and can not be directly interpreted by the pdp.
>
> Schema:
> <xs:element name="CombinerParameters"
type="xacml:CombinerParametersType"/>
> <xs:complexType name="CombinerParametersType">
> <xs:sequence>
> <xs:element ref="xacml:CombinerParameter" minOccurs="0"
> maxOccurs="unbounded"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="CombinerParameter" type="xacml:CombinerParameterType"/>
> <xs:complexType name="CombinerParameterType">
> <xs:sequence>
> <xs:any namespace="##any" processContents="lax" minOccurs="0"
> maxOccurs="unbounded"/>
> </xs:sequence>
> <xs:attribute name="ParameterName" type="string" use="required"/>
> </xs:complexType>
>
> Simon
>
>
>
> To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php
.
>

To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php
.





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]