
xacml message



Subject: [Fwd: Useful change to XACML Schema]


Dear List

In the EC TAS3 project we have a requirement to be able to dynamically 
pass policies to PDPs, but the policies won't always be written in the 
XACML language, e.g. we have a behavioural trust engine where the policy 
language is written in SWI-Prolog. However, we still want to use the 
XACML request/response context to pass the policy. We believe that a 
simple addition of a new extension point to the PolicySet element will 
allow alternative Policy formats to be included in the request. This can 
be accomplished by adding an extension point to the xs:choice 
element to allow any element in any Namespace to be added to the 
request. The Specification should then make clear that the extension 
point should only be used to define Policy-related elements.

Modified PolicySet Schema:

<xs:complexType name="PolicySetType">
    <xs:sequence>
        <xs:element ref="xacml:Description" minOccurs="0"/>
        <xs:element ref="xacml:PolicySetDefaults" minOccurs="0"/>
        <xs:element ref="xacml:Target"/>
        <xs:choice minOccurs="0" maxOccurs="unbounded">
            <xs:element ref="xacml:PolicySet"/>
            <xs:element ref="xacml:Policy"/>
            <xs:element ref="xacml:PolicySetIdReference"/>
            <xs:element ref="xacml:PolicyIdReference"/>
            <xs:element ref="xacml:CombinerParameters"/>
            <xs:element ref="xacml:PolicyCombinerParameters"/>
            <xs:element ref="xacml:PolicySetCombinerParameters"/>
            <!-- Extension Point for defining Authorisation Policies in different namespaces -->
            <xs:any namespace="##any"/>
        </xs:choice>
        <xs:element ref="xacml:Obligations" minOccurs="0"/>
    </xs:sequence>
    <xs:attribute name="PolicySetId" type="xs:anyURI" use="required"/>
    <xs:attribute name="Version" type="xacml:VersionType" default="1.0"/>
    <xs:attribute name="PolicyCombiningAlgId" type="xs:anyURI" use="required"/>
</xs:complexType>

Regards

David

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************
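
An added example, not part of the original message or of the XACML specification: once a PolicySet may carry elements from any namespace, a receiving PDP can sort the children by namespace and pass foreign policies only to engines it has explicitly registered. The XACML 2.0 namespace URI, the `urn:example:...` namespaces, the element names and the engine name are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: XACML 2.0 policy namespace; the message only shows the "xacml:" prefix.
XACML_NS = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
# Hypothetical deployment allow-list: foreign policy namespace -> engine that evaluates it.
ALLOWED_EXTENSIONS = {"urn:example:tas3:prolog-policy": "behavioural-trust-engine"}

# Constructed sample: one native reference, one allow-listed foreign policy,
# and one element from a namespace nobody registered.
SAMPLE = """<PolicySet xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
    PolicySetId="urn:example:ps1"
    PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
  <Target/>
  <PolicyIdReference>urn:example:policy1</PolicyIdReference>
  <pl:TrustPolicy xmlns:pl="urn:example:tas3:prolog-policy">trusted(X) :- reputation(X, R), R > 5.</pl:TrustPolicy>
  <x:Script xmlns:x="urn:example:unknown">opaque content</x:Script>
</PolicySet>"""


def split_ns(tag):
    """Split ElementTree's '{namespace}local' tag form into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def classify_policy_set(xml_text):
    """Return (native, routed, rejected) lists for the children of a PolicySet."""
    root = ET.fromstring(xml_text)
    if split_ns(root.tag) != (XACML_NS, "PolicySet"):
        raise ValueError("root element is not xacml:PolicySet")
    native, routed, rejected = [], [], []
    for child in root:
        ns, local = split_ns(child.tag)
        if ns == XACML_NS:
            native.append(local)  # evaluated by the XACML engine itself
        elif ns in ALLOWED_EXTENSIONS:
            routed.append((ALLOWED_EXTENSIONS[ns], local))  # known foreign policy
        else:
            rejected.append((ns, local))  # wildcard content with no registered engine
    return native, routed, rejected


if __name__ == "__main__":
    print(classify_policy_set(SAMPLE))
```

A PDP using this pattern would refuse the request, or return Indeterminate, when the rejected list is non-empty rather than silently ignoring the unknown element.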

