

Subject: [xacml] Proposal: Expression, Variable Definition/Reference Text



Hi Folks,

I found the text for the Variable Ref/Definition for the specification and
new schema (that Simon produced) for those changes.  I don't know what
message URLs they are, but I haven't changed anything. Hope this helps.
I'm just about out of here for the week.

Cheers,
-Polar


6.x Element Expression

The Expression element is not used directly in a policy. The Expression
element signifies that an element that extends the ExpressionType SHALL
appear in its place.

  <xs:element name="Expression" type="xacml:ExpressionType" abstract="true"/>
  <xs:complexType name="ExpressionType" abstract="true"/>

6.x Element VariableDefinition

The VariableDefinition element SHALL be used to define a value that can be
referenced by a VariableReference element. The name supplied for its
VariableId attribute SHALL NOT occur in the VariableId attribute of any
other VariableDefinition element within the encompassing policy.

  <xs:element name="VariableDefinition" type="xacml:VariableDefinitionType"/>
  <xs:complexType name="VariableDefinitionType">
    <xs:sequence>
      <xs:element ref="xacml:Expression"/>
    </xs:sequence>
    <xs:attribute name="VariableId" type="xs:string" use="required"/>
  </xs:complexType>

The VariableDefinition is of VariableDefinitionType:

The VariableDefinition has the following attributes and elements:

VariableId [Required]

The name of the variable.

<Expression>

The Expression is any element that is of the ExpressionType.


6.x Element VariableReference

The VariableReference is used to reference a value defined within the same
encompassing policy. The VariableReference element SHALL refer to the
VariableDefinition element by string equality on the value of their
respective VariableId attributes. There SHALL exist one and only one
VariableDefinition within the same encompassing policy for which the
VariableReference refers. There MAY be zero or more VariableReference
elements that refer to the same VariableDefinition element.

  <xs:element name="VariableReference" type="xacml:VariableReferenceType" substitutionGroup="xacml:Expression"/>
  <xs:complexType name="VariableReferenceType">
    <xs:complexContent>
      <xs:extension base="xacml:ExpressionType">
        <xs:attribute name="VariableId" type="xs:string" use="required"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

The VariableReference is of the VariableReferenceType, which is of the
ExpressionType. The VariableReference element may appear any place an
Expression element is listed in the schema.

The VariableReference has the following attributes:

VariableId [Required]

The name used to refer to the value defined for the named variable in a
VariableDefinition element.


13.x Variable Reference Evaluation

The VariableReference element references a single VariableDefinition
element contained within the same policy. A VariableReference that does
not reference a particular VariableDefinition element within the
encompassing policy is called an undefined reference. Policies with
undefined references are invalid.

In any place where a VariableReference occurs, it has the effect as if the
text of the Expression defined in the VariableDefinition replaces the
VariableReference. However, any evaluation scheme that preserves this
semantics is acceptable. For instance, the expression in the
VariableDefinition may be evaluated to a particular value and cached for
multiple references without consequence. This characteristic is one of the
benefits of XACML being a declarative language.

====
NOTE: For all other elements that are now extensions of ExpressionType, we
should probably add the note that usually follows the schema fragments in
Section 6:

The XXXX element is of the XXXXType, which is of the ExpressionType. The
XXXX element may appear any place the Expression element is listed in the
schema.
=====

Cheers,
-Polar

<?xml version="1.0" encoding="UTF-8"?>

<!-- edited with XML Spy v4.4 U (http://www.xmlspy.com) by bill parducci (pier64) -->

<xs:schema targetNamespace="urn:oasis:xacml:2.0:policy:schema:wd:04" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xacml="urn:oasis:xacml:2.0:policy:schema:wd:04" elementFormDefault="qualified" attributeFormDefault="unqualified">

	<!-- -->

	<xs:element name="PolicySet" type="xacml:PolicySetType"/>

	<xs:complexType name="PolicySetType">

		<xs:sequence>

			<xs:element ref="xacml:Description" minOccurs="0"/>

			<xs:element ref="xacml:PolicySetDefaults" minOccurs="0"/>

			<xs:element ref="xacml:Target"/>

			<xs:choice minOccurs="0" maxOccurs="unbounded">

				<xs:element ref="xacml:PolicySet"/>

				<xs:element ref="xacml:Policy"/>

				<xs:element ref="xacml:PolicySetIdReference"/>

				<xs:element ref="xacml:PolicyIdReference"/>

			</xs:choice>

			<xs:element ref="xacml:Obligations" minOccurs="0"/>

		</xs:sequence>

		<xs:attribute name="PolicySetId" type="xs:anyURI" use="required"/>

		<xs:attribute name="PolicyCombiningAlgId" type="xs:anyURI" use="required"/>

	</xs:complexType>

	<!-- -->

	<xs:element name="PolicySetIdReference" type="xs:anyURI"/>

	<xs:element name="PolicyIdReference" type="xs:anyURI"/>

	<!-- -->

	<xs:element name="PolicySetDefaults" type="xacml:DefaultsType"/>

	<xs:element name="PolicyDefaults" type="xacml:DefaultsType"/>

	<xs:complexType name="DefaultsType">

		<xs:sequence>

			<xs:choice>

				<xs:element ref="xacml:XPathVersion"/>

			</xs:choice>

		</xs:sequence>

	</xs:complexType>

	<!-- -->

	<xs:element name="XPathVersion" type="xs:anyURI"/>

	<!-- -->

	<xs:element name="Policy" type="xacml:PolicyType"/>

	<xs:complexType name="PolicyType">

		<xs:sequence>

			<xs:element ref="xacml:Description" minOccurs="0"/>

			<xs:element ref="xacml:PolicyDefaults" minOccurs="0"/>

			<xs:element ref="xacml:Target"/>

			<xs:choice minOccurs="0" maxOccurs="unbounded">

				<xs:element ref="xacml:VariableDefinition"/>

				<xs:element ref="xacml:Rule"/>

			</xs:choice>

			<xs:element ref="xacml:Obligations" minOccurs="0"/>

		</xs:sequence>

		<xs:attribute name="PolicyId" type="xs:anyURI" use="required"/>

		<xs:attribute name="RuleCombiningAlgId" type="xs:anyURI" use="required"/>

	</xs:complexType>

	<!-- -->

	<xs:element name="Description" type="xs:string"/>

	<!-- -->

	<xs:element name="Rule" type="xacml:RuleType"/>

	<xs:complexType name="RuleType">

		<xs:sequence>

			<xs:element ref="xacml:Description" minOccurs="0"/>

			<xs:element ref="xacml:Target" minOccurs="0"/>

			<xs:element ref="xacml:Expression" minOccurs="0"/>

			<!-- xs:element ref="xacml:Condition" minOccurs="0"/-->

		</xs:sequence>

		<xs:attribute name="RuleId" type="xs:anyURI" use="required"/>

		<xs:attribute name="Effect" type="xacml:EffectType" use="required"/>

	</xs:complexType>

	<!-- -->

	<xs:simpleType name="EffectType">

		<xs:restriction base="xs:string">

			<xs:enumeration value="Permit"/>

			<xs:enumeration value="Deny"/>

		</xs:restriction>

	</xs:simpleType>

	<!-- -->

	<xs:element name="Target" type="xacml:TargetType"/>

	<xs:complexType name="TargetType">

		<xs:sequence>

			<xs:element ref="xacml:Subjects" minOccurs="0"/>

			<xs:element ref="xacml:Resources" minOccurs="0"/>

			<xs:element ref="xacml:Actions" minOccurs="0"/>

			<xs:element ref="xacml:Environment" minOccurs="0"/>

		</xs:sequence>

	</xs:complexType>

	<!-- -->

	<xs:element name="Subjects" type="xacml:SubjectsType"/>

	<xs:complexType name="SubjectsType">

		<xs:sequence>

			<xs:element ref="xacml:Subject" maxOccurs="unbounded"/>

		</xs:sequence>

	</xs:complexType>

	<!-- -->

	<xs:element name="Subject" type="xacml:SubjectType"/>

	<xs:complexType name="SubjectType">

		<xs:sequence>

			<xs:element ref="xacml:SubjectMatch" maxOccurs="unbounded"/>

		</xs:sequence>

	</xs:complexType>

	<!-- -->

	<xs:element name="Resources" type="xacml:ResourcesType"/>

	<xs:complexType name="ResourcesType">

		<xs:sequence>

			<xs:element ref="xacml:Resource" maxOccurs="unbounded"/>

		</xs:sequence>

	</xs:complexType>

	<!-- -->

	<xs:element name="Resource" type="xacml:ResourceType"/>

	<xs:complexType name="ResourceType">

		<xs:sequence>

			<xs:element ref="xacml:ResourceMatch" maxOccurs="unbounded"/>

		</xs:sequence>

	</xs:complexType>

	<!-- -->

	<xs:element name="Actions" type="xacml:ActionsType"/>

	<xs:complexType name="ActionsType">

		<xs:sequence>

			<xs:element ref="xacml:Action" maxOccurs="unbounded"/>

		</xs:sequence>

	</xs:complexType>

	<!-- -->

	<xs:element name="Action" type="xacml:ActionType"/>

	<xs:complexType name="ActionType">

		<xs:sequence>

			<xs:element ref="xacml:ActionMatch" maxOccurs="unbounded"/>

		</xs:sequence>

	</xs:complexType>

	<!-- -->

	<xs:element name="Environment" type="xacml:EnvironmentType"/>

	<xs:complexType name="EnvironmentType">

		<xs:sequence>

			<xs:element ref="xacml:EnvironmentMatch" maxOccurs="unbounded"/>

		</xs:sequence>

	</xs:complexType>

	<!-- -->

	<xs:element name="SubjectMatch" type="xacml:SubjectMatchType"/>

	<xs:complexType name="SubjectMatchType">

		<xs:sequence>

			<xs:element ref="xacml:AttributeValue"/>

			<xs:choice>

				<xs:element ref="xacml:SubjectAttributeDesignator"/>

				<xs:element ref="xacml:AttributeSelector"/>

			</xs:choice>

		</xs:sequence>

		<xs:attribute name="MatchId" type="xs:anyURI" use="required"/>

	</xs:complexType>

	<!-- -->

	<xs:element name="ResourceMatch" type="xacml:ResourceMatchType"/>

	<xs:complexType name="ResourceMatchType">

		<xs:sequence>

			<xs:element ref="xacml:AttributeValue"/>

			<xs:choice>

				<xs:element ref="xacml:ResourceAttributeDesignator"/>

				<xs:element ref="xacml:AttributeSelector"/>

			</xs:choice>

		</xs:sequence>

		<xs:attribute name="MatchId" type="xs:anyURI" use="required"/>

	</xs:complexType>

	<!-- -->

	<xs:element name="ActionMatch" type="xacml:ActionMatchType"/>

	<xs:complexType name="ActionMatchType">

		<xs:sequence>

			<xs:element ref="xacml:AttributeValue"/>

			<xs:choice>

				<xs:element ref="xacml:ActionAttributeDesignator"/>

				<xs:element ref="xacml:AttributeSelector"/>

			</xs:choice>

		</xs:sequence>

		<xs:attribute name="MatchId" type="xs:anyURI" use="required"/>

	</xs:complexType>

	<!-- -->

	<xs:element name="EnvironmentMatch" type="xacml:EnvironmentMatchType"/>

	<xs:complexType name="EnvironmentMatchType">

		<xs:sequence>

			<xs:element ref="xacml:AttributeValue"/>

			<xs:choice>

				<xs:element ref="xacml:EnvironmentAttributeDesignator"/>

				<xs:element ref="xacml:AttributeSelector"/>

			</xs:choice>

		</xs:sequence>

		<xs:attribute name="MatchId" type="xs:anyURI" use="required"/>

	</xs:complexType>

	<!-- -->

	<xs:element name="VariableDefinition" type="xacml:VariableDefinitionType"/>

	<xs:complexType name="VariableDefinitionType">

		<xs:sequence>

			<xs:element ref="xacml:Expression"/>

		</xs:sequence>

		<xs:attribute name="VariableId" type="xs:string" use="required"/>

	</xs:complexType>

	<!-- -->

	<xs:element name="Expression" type="xacml:ExpressionType" abstract="true"/>

	<xs:complexType name="ExpressionType" abstract="true"/>

	<!-- -->

	<xs:element name="VariableReference" type="xacml:VariableReferenceType" substitutionGroup="xacml:Expression"/>

	<xs:complexType name="VariableReferenceType">

		<xs:complexContent>

			<xs:extension base="xacml:ExpressionType">

				<xs:attribute name="VariableId" type="xs:string" use="required"/>

			</xs:extension>

		</xs:complexContent>

	</xs:complexType>

	<!-- -->

	<xs:element name="AttributeSelector" type="xacml:AttributeSelectorType" substitutionGroup="xacml:Expression"/>

	<xs:complexType name="AttributeSelectorType">

		<xs:complexContent>

			<xs:extension base="xacml:ExpressionType">

				<xs:attribute name="RequestContextPath" type="xs:string" use="required"/>

				<xs:attribute name="DataType" type="xs:anyURI" use="required"/>

				<xs:attribute name="MustBePresent" type="xs:boolean" use="optional" default="false"/>

			</xs:extension>

		</xs:complexContent>

	</xs:complexType>

	<!-- -->

	<xs:element name="ResourceAttributeDesignator" type="xacml:AttributeDesignatorType" substitutionGroup="xacml:Expression"/>

	<xs:element name="ActionAttributeDesignator" type="xacml:AttributeDesignatorType" substitutionGroup="xacml:Expression"/>

	<xs:element name="EnvironmentAttributeDesignator" type="xacml:AttributeDesignatorType" substitutionGroup="xacml:Expression"/>

	<!-- -->

	<xs:complexType name="AttributeDesignatorType">

		<xs:complexContent>

			<xs:extension base="xacml:ExpressionType">

				<xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>

				<xs:attribute name="DataType" type="xs:anyURI" use="required"/>

				<xs:attribute name="Issuer" type="xs:string" use="optional"/>

				<xs:attribute name="MustBePresent" type="xs:boolean" use="optional" default="false"/>

			</xs:extension>

		</xs:complexContent>

	</xs:complexType>

	<!-- -->

	<xs:element name="SubjectAttributeDesignator" type="xacml:SubjectAttributeDesignatorType" substitutionGroup="xacml:Expression"/>

	<xs:complexType name="SubjectAttributeDesignatorType">

		<xs:complexContent>

			<xs:extension base="xacml:AttributeDesignatorType">

				<xs:attribute name="SubjectCategory" type="xs:anyURI" use="optional" default="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"/>

			</xs:extension>

		</xs:complexContent>

	</xs:complexType>

	<!-- -->

	<xs:element name="AttributeValue" type="xacml:AttributeValueType" substitutionGroup="xacml:Expression"/>

	<xs:complexType name="AttributeValueType" mixed="true">

		<xs:complexContent mixed="true">

			<xs:extension base="xacml:ExpressionType">

				<xs:sequence>

					<xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>

				</xs:sequence>

				<xs:attribute name="DataType" type="xs:anyURI" use="required"/>

				<xs:anyAttribute namespace="##any" processContents="lax"/>

			</xs:extension>

		</xs:complexContent>

	</xs:complexType>

	<!-- -->

	<xs:element name="Function" type="xacml:FunctionType" substitutionGroup="xacml:Expression"/>

	<xs:complexType name="FunctionType">

		<xs:complexContent>

			<xs:extension base="xacml:ExpressionType">

				<xs:attribute name="FunctionId" type="xs:anyURI" use="required"/>

			</xs:extension>

		</xs:complexContent>

	</xs:complexType>

	<!--

	<xs:complexType name="FunctionType">

		<xs:attribute name="FunctionId" type="xs:anyURI" use="required"/>

	</xs:complexType>

	-->

	<!-- -->

	<!--xs:element name="Apply" type="xacml:ApplyType"/-->

	<!--xs:element name="Condition" type="xacml:ApplyType"/-->

	<!-- -->

	<xs:element name="Apply" type="xacml:ApplyType" substitutionGroup="xacml:Expression"/>

	<xs:complexType name="ApplyType">

		<xs:complexContent>

			<xs:extension base="xacml:ExpressionType">

				<xs:sequence>

					<xs:element ref="xacml:Expression" minOccurs="0" maxOccurs="unbounded"/>

				</xs:sequence>

				<xs:attribute name="FunctionId" type="xs:anyURI" use="required"/>

			</xs:extension>

		</xs:complexContent>

	</xs:complexType>

	<!--

	<xs:element name="HigherOrderApply" type="xacml:HigherOrderApplyType" substitutionGroup="xacml:Expression"/>

	<xs:complexType name="HigherOrderApplyType">

		<xs:complexContent>

			<xs:extension base="xacml:ExpressionType">

				<xs:sequence>

					<xs:element ref="xacml:Expression" minOccurs="0" maxOccurs="unbounded"/>

				</xs:sequence>

				<xs:attribute name="FunctionId" type="xs:anyURI" use="required"/>

				<xs:attribute name="HigherOrderCompareId" type="xs:anyURI" use="required"/>

			</xs:extension>

		</xs:complexContent>

	</xs:complexType>

	-->

	<xs:element name="Obligations" type="xacml:ObligationsType"/>

	<xs:complexType name="ObligationsType">

		<xs:sequence>

			<xs:element ref="xacml:Obligation" maxOccurs="unbounded"/>

		</xs:sequence>

	</xs:complexType>

	<!-- -->

	<xs:element name="Obligation" type="xacml:ObligationType"/>

	<xs:complexType name="ObligationType">

		<xs:sequence>

			<xs:element ref="xacml:AttributeAssignment" minOccurs="0" maxOccurs="unbounded"/>

		</xs:sequence>

		<xs:attribute name="ObligationId" type="xs:anyURI" use="required"/>

		<xs:attribute name="FulfillOn" type="xacml:EffectType" use="required"/>

	</xs:complexType>

	<!-- -->

	<xs:element name="AttributeAssignment" type="xacml:AttributeAssignmentType"/>

	<xs:complexType name="AttributeAssignmentType" mixed="true">

		<xs:complexContent mixed="true">

			<xs:extension base="xacml:AttributeValueType">

				<xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>

			</xs:extension>

		</xs:complexContent>

	</xs:complexType>

	<!-- -->

</xs:schema>
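
The schema above declares VariableId as a plain xs:string with no xs:key or xs:keyref, so schema validation alone does not enforce the uniqueness and undefined-reference rules in the proposed text; a policy loader has to check them itself. The following is an added example, not part of the original message or of any XACML implementation: a Python check over a constructed sample document, with the function names and the `urn:example:` identifiers being assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# targetNamespace of the schema attached to this message
NS = "urn:oasis:xacml:2.0:policy:schema:wd:04"

def q(name):
    return "{%s}%s" % (NS, name)

def check_policy(policy):
    """Problems with VariableDefinition/VariableReference in one <Policy>."""
    pid = policy.get("PolicyId")
    # PolicyType lists VariableDefinition as a direct child of Policy.
    ids = Counter(d.get("VariableId") for d in policy.findall(q("VariableDefinition")))
    problems = [(pid, "duplicate definition", v) for v, n in sorted(ids.items()) if n > 1]
    # A reference can appear wherever an Expression can, so walk the whole policy.
    # Matching is plain string equality: no case folding, no trimming.
    for ref in policy.iter(q("VariableReference")):
        if ref.get("VariableId") not in ids:
            problems.append((pid, "undefined reference", ref.get("VariableId")))
    return problems

def check_document(xml_text):
    """Check every <Policy> in a document; each Policy is its own scope."""
    root = ET.fromstring(xml_text)
    return [p for policy in root.iter(q("Policy")) for p in check_policy(policy)]

# Constructed sample input (not from the message).
SAMPLE = """<PolicySet xmlns="urn:oasis:xacml:2.0:policy:schema:wd:04"
    PolicySetId="urn:example:set" PolicyCombiningAlgId="urn:example:alg">
  <Target/>
  <Policy PolicyId="urn:example:p1" RuleCombiningAlgId="urn:example:alg">
    <Target/>
    <VariableDefinition VariableId="isAdmin">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#boolean">true</AttributeValue>
    </VariableDefinition>
    <VariableDefinition VariableId="isAdmin">
      <VariableReference VariableId="IsAdmin"/>
    </VariableDefinition>
    <Rule RuleId="urn:example:r1" Effect="Permit">
      <VariableReference VariableId="isAdmin"/>
    </Rule>
  </Policy>
  <Policy PolicyId="urn:example:p2" RuleCombiningAlgId="urn:example:alg">
    <Target/>
    <Rule RuleId="urn:example:r2" Effect="Permit">
      <VariableReference VariableId="isAdmin"/>
    </Rule>
  </Policy>
</PolicySet>"""
```

The second policy's reference to `isAdmin` is reported as undefined because the only definitions live in the first policy, and `IsAdmin` fails the string-equality match against `isAdmin`.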


