[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: imperative syntax for generalized xacml
Tim describes procedures as a 'set and sequence of isolated imperatives and prohibitions'. Syntactically these are sequences of do's and do-not's qualified by the action uri. We'd like to qualify these expressions with ordered-or, any-of, and all-of semantics. These semantics are simple enough for the pep to understand. For example, we can allow access to the system and with the 'ordered-or' enumerate a number of alternative actions a client must perform, with 'any-of' enumerate any action a client must perform etc. Imperatives can use ordered-or, any-of, all-of and prohibitions can use all-of semantics. Syntactilcally, in addition to the imperative uri, we should be able to communicate a set of applicable parameters as name-value pairs. xacml attribute-assignment element can be used for this. <xs:element name="Do" type="xacml:ImperativeType"/> <xs:element name="DoNot" type="xs:anyURI"/> <xs:complexType name="ImperativeType"> <xs:sequence> <xs:element ref="xacml:AttributeAssignment" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="uri" type="xs:anyURI" use="required"/> </xs:complexType> <xs:element name="DoSequence" type="ImperativeSequenceType"/> <xs:complexType name="ImperativeSequenceType"> <xs:sequence> <xs:element ref="xacml:Do" minOccurs="1" maxOccurs="unbounded"/> ==> at least one imperative </xs:sequence> <xs:attirubte name="combination" type="xs:anyURI"/> ==> ordered-or, any-of, all-of (we can define a type for it) </xs:complexType> <xs:complexType name="ProcedureType"> <xs:sequence> <xs:element ref="xacml:DoSequence" minOccurs="0"/> <xs:element ref="xacml:DoNot" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> Procedure element is a child of Conclusion element. Simon
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]