[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] xacml combiner alg extension points
Hi, Polar >As long as it is understood that the above approach is just one approach, >depending on how you define your combining algorithm. I agree. >In general is another valid approach. >Are we agreed? also agree. > <CombinerParameters> > <CombinerParameter ParameterName="priority"> > <AttributeValue DataType="....#integer">10</AttributeValue> > </CombinerParameter> > </CombinerParameters> I think typed parameter is better. How about borrowing syntax for general attribute? <CombinerParameters> <Attribute AttributeId="priority"> <AttributeValue DataType="...#integer>10</AttributeValue> </Attribute> </CombinerParameters> Best, Michiharu Polar Humenn <polar@syr.edu> To 2004/02/04 01:15 Michiharu Kudoh/Japan/IBM@IBMJP cc Simon Godik <simon.godik@overxeer.com>, xacml@lists.oasis-open.org Subject Re: [xacml] xacml combiner alg extension points On Tue, 3 Feb 2004, Michiharu Kudoh wrote: > Hi, Polar, Simon > > Is the following example what you are suggesting? > > <Policy algid="priority-rule-combo-algo"> > <CombinerParameters> > <CombinerParameter ParameterName="priority">10 > </CombinerParameter> > <CombinerParameter ParameterName="priority">5 > </CombinerParameter> > </CombinerParameters> > <Rule effect="permit">... rule 1...</Rule> > <Rule effect="permit">... rule 2 ...</Rule> > </Policy> > > (The first rule has priority 10 and the second rule has priority 5) > If so, this would satisfy my requirements. As long as it is understood that the above approach is just one approach, depending on how you define your combining algorithm. <Policy algid="priority-rule-combo-algo2"> <CombinerParameters> <CombinerParameter ParameterName="priority">10 </CombinerParameter> </CombinerParameters> <Rule effect="permit">... rule 1...</Rule> <CombinerParameters> <CombinerParameter ParameterName="priority">5 </CombinerParameter> </CombinerParameters> <Rule effect="permit">... rule 2 ...</Rule> </Policy> In general is another valid approach. Are we agreed? A syntax clarification related to types. Must a CombinerParameter of a integer value represented as an AttributeValue? Sucb as: <CombinerParameters> <CombinerParameter ParameterName="priority"> <AttributeValue DataType="....#integer">10</AttributeValue> </CombinerParameter> </CombinerParameters> Should they be allowed to be expressions? Cheers, -Polar > > Best, > Michiharu > > > > > "Simon Godik" > <simon.godik@over > xeer.com> To > <xacml@lists.oasis-open.org> > 2004/02/03 16:28 cc > > Subject > [xacml] xacml combiner alg > extension points > > > > > > > > > > > xacml extension points proposal. > > Polar pointed out that previous xacml extension proposal is somewhat > misleading with it's use of > @MustUnderstand attribute and where parameters are interpreted. > > Here is cleaned up version, hopefully. > > Proposal: > > Allow element of type <xacml:CombinerParametersType> as an optional child > of <xacml:PolicySet> and <xacml:Policy> elements. > <xacml:CombinerParameters> element contains a list of parameters specific > to the enclosing combining algorithm. Combiner parameters are input to the > combining algorithm only and can not be directly interpreted by the pdp. > > Schema: > <xs:element name="CombinerParameters" type="xacml:CombinerParametersType"/> > <xs:complexType name="CombinerParametersType"> > <xs:sequence> > <xs:element ref="xacml:CombinerParameter" minOccurs="0" > maxOccurs="unbounded"/> > </xs:sequence> > </xs:complexType> > <!-- --> > <xs:element name="CombinerParameter" type="xacml:CombinerParameterType"/> > <xs:complexType name="CombinerParameterType"> > <xs:sequence> > <xs:any namespace="##any" processContents="lax" minOccurs="0" > maxOccurs="unbounded"/> > </xs:sequence> > <xs:attribute name="ParameterName" type="string" use="required"/> > </xs:complexType> > > Simon > > > > To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php . > To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php .
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]