Subject: Item 60 (Define standard "purpose" attributes)
Colleagues - Here are my proposals for addressing "purpose" in the v2.0 specification. Please consider and comment. All the best. Tim.

1. Append to Section B.6

urn:oasis:names:tc:xacml:2.0:resource:purpose

This attribute, of type http://www.w3.org/2001/XMLSchema#string, indicates the purpose for which the data resource was collected. The owner of the resource SHOULD be informed of, and consent to, the use of the resource for this purpose. The attribute value MAY be a regular expression. The custodian's privacy policy SHOULD define the semantics of all available values.

2. Append to Section B.7

urn:oasis:names:tc:xacml:2.0:action:purpose

This attribute, of type http://www.w3.org/2001/XMLSchema#string, indicates the purpose for which access to the data resource is requested. Action purposes MAY be organized hierarchically, in which case the value MUST represent a node in the hierarchy. XACML does not specify a scheme for delimiting hierarchical levels. However, the chosen scheme MUST be consistent with the available values for resource purpose (see Section B.6).

3. Add the following after Section B.10

B.11 Standard rules

B.11.1 Matching purpose

This rule MUST be used with the urn:oasis:names:tc:xacml:2.0:rule-combining-algorithm:deny-overrides rule-combining algorithm. It stipulates that access SHALL be denied unless the purpose for which access is requested matches, by regular-expression match, the purpose for which the data resource was collected.
<?xml version="1.0" encoding="UTF-8"?>
<Rule xmlns="urn:oasis:xacml:2.0:policy:schema:wd:06"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="urn:oasis:xacml:2.0:policy:schema:wd:06 D:\MYDATA~1\Standards\xacml\v2.0\DRD2FC~1\oasis-xacml-2_0-policy-schema-wd-06.xsd"
      RuleId="urn:oasis:names:tc:xacml:2.0:matching-purpose"
      Effect="Permit">
  <!-- regexp-string-match takes (regex, string): the resource purpose, which MAY be a
       regular expression, is the pattern; the action purpose is the string tested against it. -->
  <Condition FunctionId="urn:oasis:names:tc:xacml:2.0:function:regexp-string-match">
    <!-- Attribute designators return bags; string-one-and-only reduces each bag to the
         single string the match function requires (Indeterminate if the bag is empty or
         holds more than one value). -->
    <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:string-one-and-only">
      <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:purpose"
                                   DataType="http://www.w3.org/2001/XMLSchema#string"/>
    </Apply>
    <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:string-one-and-only">
      <ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:action:purpose"
                                 DataType="http://www.w3.org/2001/XMLSchema#string"/>
    </Apply>
  </Condition>
</Rule>

-----------------------------------------------------------------
Tim Moses
613.270.3183
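The following is an added illustration and is not part of Tim Moses's message or of the XACML specification: a small Python evaluator that applies the proposed "matching purpose" rule to constructed request contexts, using the two attribute identifiers proposed above. The '/' hierarchy delimiter, the sample purpose values and the anchored (XML Schema style) regular-expression semantics are assumptions of the example, not of the proposal.

```python
"""Minimal evaluator for the proposed 'matching purpose' rule.

Added example, not code from the original e-mail or from the XACML TC.
It models only the posted rule (plus the string-one-and-only reduction
the match function needs), using the two attribute identifiers proposed
in the message. All request contexts below are constructed for this example.
"""
import re

RESOURCE_PURPOSE = "urn:oasis:names:tc:xacml:2.0:resource:purpose"
ACTION_PURPOSE = "urn:oasis:names:tc:xacml:2.0:action:purpose"


def string_one_and_only(bag):
    """XACML string-one-and-only: a bag of exactly one string yields that
    string; an empty or multi-valued bag makes the expression Indeterminate
    (modelled here as ValueError)."""
    if len(bag) != 1:
        raise ValueError(f"bag holds {len(bag)} values, expected exactly 1")
    return bag[0]


def regexp_string_match(pattern, value):
    """XACML regexp-string-match, argument order (regex, string).

    The resource purpose, which the proposal allows to be a regular
    expression, is the pattern; the action purpose is the string tested.
    XML Schema regular expressions are implicitly anchored at both ends,
    so fullmatch() is used (assumption of this example): with re.search(),
    a resource purpose of 'research' would also accept 'non-research'.
    """
    return re.fullmatch(pattern, value) is not None


def matching_purpose(request):
    """Evaluate the posted rule against one request context.

    `request` maps attribute ids to bags (lists) of string values, as a PDP
    sees them once the designators are resolved. Returns the rule's own
    result: 'Permit' when the purposes match, 'NotApplicable' when they do
    not (the rule has Effect="Permit", so it never yields Deny by itself),
    and 'Indeterminate' when either attribute is missing or multi-valued.
    """
    try:
        pattern = string_one_and_only(request.get(RESOURCE_PURPOSE, []))
        purpose = string_one_and_only(request.get(ACTION_PURPOSE, []))
    except ValueError:
        return "Indeterminate"
    return "Permit" if regexp_string_match(pattern, purpose) else "NotApplicable"


def demo():
    """Constructed requests against a resource collected for 'research' and
    any sub-purpose beneath it, using '/' as the (assumed) level delimiter."""
    resource = ["research(/[a-z-]+)*"]
    cases = {
        "exact node":       {RESOURCE_PURPOSE: resource, ACTION_PURPOSE: ["research"]},
        "child node":       {RESOURCE_PURPOSE: resource, ACTION_PURPOSE: ["research/clinical-trial"]},
        "other purpose":    {RESOURCE_PURPOSE: resource, ACTION_PURPOSE: ["marketing"]},
        "substring attack": {RESOURCE_PURPOSE: ["research"], ACTION_PURPOSE: ["non-research"]},
        "two purposes":     {RESOURCE_PURPOSE: ["research", "treatment"], ACTION_PURPOSE: ["research"]},
        "purpose missing":  {RESOURCE_PURPOSE: resource},
    }
    return {name: matching_purpose(req) for name, req in cases.items()}


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:17} -> {decision}")
```

Running the module prints the six decisions. Two points the evaluator makes visible: the rule as posted carries Effect="Permit", so a non-matching purpose produces NotApplicable from this rule rather than Deny, and the denial the proposal text describes has to come from the enclosing deny-overrides policy; and because the resource purpose is used as the regular expression, its anchoring decides whether a purpose such as "non-research" slips past a pattern of "research".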