[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] xacml combiner alg extension points
On Wed, 4 Feb 2004, Michiharu Kudoh wrote: > Hi, Polar > > >As long as it is understood that the above approach is just one approach, > >depending on how you define your combining algorithm. > > I agree. > > >In general is another valid approach. > >Are we agreed? > > also agree. > > > <CombinerParameters> > > <CombinerParameter ParameterName="priority"> > > <AttributeValue DataType="....#integer">10</AttributeValue> > > </CombinerParameter> > > </CombinerParameters> > > I think typed parameter is better. > How about borrowing syntax for general attribute? > > <CombinerParameters> > <Attribute AttributeId="priority"> > <AttributeValue DataType="...#integer>10</AttributeValue> > </Attribute> > </CombinerParameters> Actually I would like to see a more general aspect for values within a Parameter. There is no reason these parameters cannot be full fledged expressions as well. I was hoping that we can come up with a XML type structure that will allow an AttributeValue, Apply, Designator, Selector, Function, elements be extensions of the same type, such as <ExpressionType>. But I'm not familar enough with the idosyncrasies of XML schemas to know if that can be done. It looks pretty convoluted. Cheers, -Polar > Best, > Michiharu > > > > > Polar Humenn > <polar@syr.edu> > To > 2004/02/04 01:15 Michiharu Kudoh/Japan/IBM@IBMJP > cc > Simon Godik > <simon.godik@overxeer.com>, > xacml@lists.oasis-open.org > Subject > Re: [xacml] xacml combiner alg > extension points > > > > > > > > > > > > On Tue, 3 Feb 2004, Michiharu Kudoh wrote: > > > Hi, Polar, Simon > > > > Is the following example what you are suggesting? > > > > <Policy algid="priority-rule-combo-algo"> > > <CombinerParameters> > > <CombinerParameter ParameterName="priority">10 > > </CombinerParameter> > > <CombinerParameter ParameterName="priority">5 > > </CombinerParameter> > > </CombinerParameters> > > <Rule effect="permit">... rule 1...</Rule> > > <Rule effect="permit">... rule 2 ...</Rule> > > </Policy> > > > > (The first rule has priority 10 and the second rule has priority 5) > > If so, this would satisfy my requirements. > > As long as it is understood that the above approach is just one approach, > depending on how you define your combining algorithm. > > <Policy algid="priority-rule-combo-algo2"> > <CombinerParameters> > <CombinerParameter ParameterName="priority">10 > </CombinerParameter> > </CombinerParameters> > <Rule effect="permit">... rule 1...</Rule> > <CombinerParameters> > <CombinerParameter ParameterName="priority">5 > </CombinerParameter> > </CombinerParameters> > <Rule effect="permit">... rule 2 ...</Rule> > </Policy> > > In general is another valid approach. > Are we agreed? > > A syntax clarification related to types. Must a CombinerParameter of a > integer value represented as an AttributeValue? Sucb as: > > <CombinerParameters> > <CombinerParameter ParameterName="priority"> > <AttributeValue DataType="....#integer">10</AttributeValue> > </CombinerParameter> > </CombinerParameters> > > Should they be allowed to be expressions? > > Cheers, > -Polar > > > > > Best, > > Michiharu > > > > > > > > > > "Simon Godik" > > <simon.godik@over > > xeer.com> > To > > <xacml@lists.oasis-open.org> > > 2004/02/03 16:28 > cc > > > > > Subject > > [xacml] xacml combiner alg > > extension points > > > > > > > > > > > > > > > > > > > > > > xacml extension points proposal. > > > > Polar pointed out that previous xacml extension proposal is somewhat > > misleading with it's use of > > @MustUnderstand attribute and where parameters are interpreted. > > > > Here is cleaned up version, hopefully. > > > > Proposal: > > > > Allow element of type <xacml:CombinerParametersType> as an optional child > > of <xacml:PolicySet> and <xacml:Policy> elements. > > <xacml:CombinerParameters> element contains a list of parameters specific > > to the enclosing combining algorithm. Combiner parameters are input to > the > > combining algorithm only and can not be directly interpreted by the pdp. > > > > Schema: > > <xs:element name="CombinerParameters" > type="xacml:CombinerParametersType"/> > > <xs:complexType name="CombinerParametersType"> > > <xs:sequence> > > <xs:element ref="xacml:CombinerParameter" minOccurs="0" > > maxOccurs="unbounded"/> > > </xs:sequence> > > </xs:complexType> > > <!-- --> > > <xs:element name="CombinerParameter" type="xacml:CombinerParameterType"/> > > <xs:complexType name="CombinerParameterType"> > > <xs:sequence> > > <xs:any namespace="##any" processContents="lax" minOccurs="0" > > maxOccurs="unbounded"/> > > </xs:sequence> > > <xs:attribute name="ParameterName" type="string" use="required"/> > > </xs:complexType> > > > > Simon > > > > > > > > To unsubscribe from this mailing list (and be removed from the roster of > the OASIS TC), go to > http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php > . > > > > To unsubscribe from this mailing list (and be removed from the roster of > the OASIS TC), go to > http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php > . > > > > > To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php. >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]