OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Summary of the discussion on WI#10: Parameter for algorithm





I am supposed to post the summary of the discussion among Simon, Polar and
me. Let me clarify
the discussion we had so far.

1. Simon suggested the following extension to support combiner parameters:
                                                                            
 <xs:element name="CombinerParameters"                                      
 type="xacml:CombinerParametersType"/>                                      
 <xs:complexType name="CombinerParametersType">                             
 <xs:sequence>                                                              
 <xs:element ref="xacml:CombinerParameter" minOccurs="0"                    
 maxOccurs="unbounded"/>                                                    
 </xs:sequence>                                                             
 </xs:complexType>                                                          
 <!-- -->                                                                   
 <xs:element name="CombinerParameter" type="xacml:CombinerParameterType"/>  
 <xs:complexType name="CombinerParameterType">                              
 <xs:sequence>                                                              
 <xs:any namespace="##any" processContents="lax" minOccurs="0"              
 maxOccurs="unbounded"/>                                                    
 </xs:sequence>                                                             
 <xs:attribute name="ParameterName" type="string" use="required"/>          
 </xs:complexType>                                                          
                                                                            



2. Example policies are:

<Policy algid="priority-rule-combo-algo">
  <CombinerParameters>
    <CombinerParameter ParameterName="priority">10
    </CombinerParameter>
    <CombinerParameter ParameterName="priority">5
    </CombinerParameter>
  </CombinerParameters>
  <Rule effect="permit">... rule 1...</Rule>
  <Rule effect="permit">... rule 2 ...</Rule>
</Policy>

and

<Policy algid="priority-rule-combo-algo">
  <CombinerParameters>
    <CombinerParameter ParameterName="priority">10
    </CombinerParameter>
  </CombinerParameters>
  <Rule effect="permit">... rule 1...</Rule>
  <CombinerParameters>
    <CombinerParameter ParameterName="priority">5
    </CombinerParameter>
  </CombinerParameters>
  <Rule effect="permit">... rule 2 ...</Rule>
</Policy>

3. Some concerns (raised by Polar)

Q1 How flexible should we allow for the combiner parameter? No limitation?
Q2 Should we provide a way to use XACML useful syntax (reference,
expressions etc.) for specifying combininng parameters?

There are two ways to address the above issues:
- No further syntactical limitation for combiner parameter
- Enforce more restriction on syntax for combiner parameter
(XACML-compliant syntax e.g. attribute value etc.)

Best,
Michiharu

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]