OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Proposal for PDP metadata

All,

I just posted a proposal for a PDP metadata schema, (issue 36 on the 
wiki, though I don't yet handle all items identified in the issues 
list.) The intent with this is to allow for a PDP to declare/publish 
which features of XACML it implements. It is intended to work with any 
version of XACML, not just 3.0.

See the attached file for a sample metadata document.

The schema is extensible, for instance it allows generic parameters of 
capabilities. An example of this is the obligation families capability, 
which has parameters such as which families are implemented.

There is also an extension point in the top level element which allows 
any elements. I am not sure if this is actually needed.

Most identifiers remain to be defined, but I wanted to get feedback on 
what I have here before I do more work on it.

I defined metadata for two features which currently have no defined 
implementations, but which I would expect to be useful in the future. 
First, I defined a PDP location. This is an extension point and as 
standardized methods to access a PDP are developed, the content of this 
element can be defined. The second is an element declaring methods for 
resolving policy references. There is currently no such method, but I 
can imagine that there might be in the future.

Regards,
Erik


<?xml version="1.0" encoding="UTF-8"?>
<md:PDPMetadata XACMLVersion="3.0"
	xmlns:md="urn:oasis:names:tc:xacml:3.0:profile:metadata:v1:schema:wd-01"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
	xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:profile:metadata:v1:schema:wd-01
	 xacml-3.0-profile-metadata-v1-schema-wd-01.xsd">
	
	<md:Function FunctionId="urn:oasis:names:tc:xacml:3.0:function:xpath-node-equal"/>
	<md:DataType DataTypeId="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"/>
	<md:RuleCombiningAlgorithm AlgorithmId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"/>
	<md:PolicyCombiningAlgorithm AlgorithmId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides"/>
	<md:Capability CapabilityId="urn:FIXME:obligations"/>
	<md:Capability CapabilityId="urn:FIXME:obligation-families"
		xmlns:fami="urn:FIXME:obligation-families-metadata">
		<fami:ObligationFamilyType FamilyId="urn:FIXME:exclusive"/>
	</md:Capability>	 
</md:PDPMetadata>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]