OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml] xacml combiner alg extension points


On Wed, 4 Feb 2004, Michiharu Kudoh wrote:

> Hi, Polar
>
> >As long as it is understood that the above approach is just one approach,
> >depending on how you define your combining algorithm.
>
> I agree.
>
> >In general is another valid approach.
> >Are we agreed?
>
> also agree.
>
> >  <CombinerParameters>
> >    <CombinerParameter ParameterName="priority">
> >       <AttributeValue DataType="....#integer">10</AttributeValue>
> >    </CombinerParameter>
> >  </CombinerParameters>
>
> I think typed parameter is better.
> How about borrowing syntax for general attribute?
>
> <CombinerParameters>
>   <Attribute AttributeId="priority">
>     <AttributeValue DataType="...#integer>10</AttributeValue>
>   </Attribute>
> </CombinerParameters>

Actually I would like to see a more general aspect for values within a
Parameter. There is no reason these parameters cannot be full fledged
expressions as well.

I was hoping that we can come up with a XML type structure that will allow
an AttributeValue, Apply, Designator, Selector, Function, elements be
extensions of the same type, such as <ExpressionType>. But I'm not familar
enough with the idosyncrasies of XML schemas to know if that can be done.
It looks pretty convoluted.

Cheers,
-Polar



> Best,
> Michiharu
>
>
>
>
>              Polar Humenn
>              <polar@syr.edu>
>                                                                         To
>              2004/02/04 01:15          Michiharu Kudoh/Japan/IBM@IBMJP
>                                                                         cc
>                                        Simon Godik
>                                        <simon.godik@overxeer.com>,
>                                        xacml@lists.oasis-open.org
>                                                                    Subject
>                                        Re: [xacml] xacml combiner alg
>                                        extension points
>
>
>
>
>
>
>
>
>
>
>
> On Tue, 3 Feb 2004, Michiharu Kudoh wrote:
>
> > Hi, Polar, Simon
> >
> > Is the following example what you are suggesting?
> >
> > <Policy algid="priority-rule-combo-algo">
> >   <CombinerParameters>
> >     <CombinerParameter ParameterName="priority">10
> >     </CombinerParameter>
> >     <CombinerParameter ParameterName="priority">5
> >     </CombinerParameter>
> >   </CombinerParameters>
> >   <Rule effect="permit">... rule 1...</Rule>
> >   <Rule effect="permit">... rule 2 ...</Rule>
> > </Policy>
> >
> > (The first rule has priority 10 and the second rule has priority 5)
> > If so, this would satisfy my requirements.
>
> As long as it is understood that the above approach is just one approach,
> depending on how you define your combining algorithm.
>
> <Policy algid="priority-rule-combo-algo2">
>   <CombinerParameters>
>     <CombinerParameter ParameterName="priority">10
>     </CombinerParameter>
>   </CombinerParameters>
>   <Rule effect="permit">... rule 1...</Rule>
>   <CombinerParameters>
>     <CombinerParameter ParameterName="priority">5
>     </CombinerParameter>
>   </CombinerParameters>
>   <Rule effect="permit">... rule 2 ...</Rule>
> </Policy>
>
> In general is another valid approach.
> Are we agreed?
>
> A syntax clarification related to types. Must a CombinerParameter of a
> integer value represented as an AttributeValue? Sucb as:
>
>   <CombinerParameters>
>     <CombinerParameter ParameterName="priority">
>        <AttributeValue DataType="....#integer">10</AttributeValue>
>     </CombinerParameter>
>   </CombinerParameters>
>
> Should they be allowed to be expressions?
>
> Cheers,
> -Polar
>
> >
> > Best,
> > Michiharu
> >
> >
> >
> >
> >              "Simon Godik"
> >              <simon.godik@over
> >              xeer.com>
> To
> >                                        <xacml@lists.oasis-open.org>
> >              2004/02/03 16:28
> cc
> >
> >
> Subject
> >                                        [xacml] xacml combiner alg
> >                                        extension points
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > xacml extension points proposal.
> >
> > Polar pointed out that previous xacml extension proposal is somewhat
> > misleading with it's use of
> > @MustUnderstand attribute and where parameters are interpreted.
> >
> > Here is cleaned up version, hopefully.
> >
> > Proposal:
> >
> > Allow element of type <xacml:CombinerParametersType> as an optional child
> > of <xacml:PolicySet> and <xacml:Policy> elements.
> > <xacml:CombinerParameters> element contains a list of parameters specific
> > to the enclosing combining algorithm. Combiner parameters are input to
> the
> > combining algorithm only and can not be directly interpreted by the pdp.
> >
> > Schema:
> > <xs:element name="CombinerParameters"
> type="xacml:CombinerParametersType"/>
> > <xs:complexType name="CombinerParametersType">
> > <xs:sequence>
> > <xs:element ref="xacml:CombinerParameter" minOccurs="0"
> > maxOccurs="unbounded"/>
> > </xs:sequence>
> > </xs:complexType>
> > <!-- -->
> > <xs:element name="CombinerParameter" type="xacml:CombinerParameterType"/>
> > <xs:complexType name="CombinerParameterType">
> > <xs:sequence>
> > <xs:any namespace="##any" processContents="lax" minOccurs="0"
> > maxOccurs="unbounded"/>
> > </xs:sequence>
> > <xs:attribute name="ParameterName" type="string" use="required"/>
> > </xs:complexType>
> >
> > Simon
> >
> >
> >
> > To unsubscribe from this mailing list (and be removed from the roster of
> the OASIS TC), go to
> http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php
> .
> >
>
> To unsubscribe from this mailing list (and be removed from the roster of
> the OASIS TC), go to
> http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php
> .
>
>
>
>
> To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php.
>


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]