Subject: [Fwd: Useful change to XACML Schema]
Dear List,

In the EC TAS3 project we have a requirement to be able to dynamically pass policies to PDPs, but the policies won't always be written in the XACML language. E.g. we have a behavioural trust engine where the policy language is written in SWI-Prolog. However we still want to use the XACML request response context to pass the policy.

We believe that a simple addition of a new extension point to the PolicySet element will allow alternative Policy formats to be included in the request.

The way to accomplish this is by adding an extension point to the xs:choice element to allow any element in any Namespace to be added to the request. The Specification should then make clear that the extension point should only be used to define Policy related elements.

Modified PolicySet Schema:

    <xs:complexType name="PolicySetType">
      <xs:sequence>
        <xs:element ref="xacml:Description" minOccurs="0"/>
        <xs:element ref="xacml:PolicySetDefaults" minOccurs="0"/>
        <xs:element ref="xacml:Target"/>
        <xs:choice minOccurs="0" maxOccurs="unbounded">
          <xs:element ref="xacml:PolicySet"/>
          <xs:element ref="xacml:Policy"/>
          <xs:element ref="xacml:PolicySetIdReference"/>
          <xs:element ref="xacml:PolicyIdReference"/>
          <xs:element ref="xacml:CombinerParameters"/>
          <xs:element ref="xacml:PolicyCombinerParameters"/>
          <xs:element ref="xacml:PolicySetCombinerParameters"/>
          <!-- Extension Point for defining Authorisation Policies in different namespaces -->
          <xs:element ref="xs:any"/>
        </xs:choice>
        <xs:element ref="xacml:Obligations" minOccurs="0"/>
      </xs:sequence>
      <xs:attribute name="PolicySetId" type="xs:anyURI" use="required"/>
      <xs:attribute name="Version" type="xacml:VersionType" default="1.0"/>
      <xs:attribute name="PolicyCombiningAlgId" type="xs:anyURI" use="required"/>
    </xs:complexType>

Regards

David

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
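
Added example, not part of the original message or of any TAS3 or XACML code: a sketch of how a PDP could handle a PolicySet that uses the proposed extension point, routing each foreign-namespace child to a registered policy engine and refusing the whole PolicySet when a child is unrecognised. The XACML 2.0 namespace, the `urn:example:trust-policy` namespace, the `TrustPolicy` element and the engine name are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: the schema in the message is the XACML 2.0 PolicySetType.
XACML_NS = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
# Children the schema names outside the xs:choice.
FIXED = {"Description", "PolicySetDefaults", "Target", "Obligations"}
# Children the schema names inside the xs:choice.
CHOICE = {"PolicySet", "Policy", "PolicySetIdReference", "PolicyIdReference",
          "CombinerParameters", "PolicyCombinerParameters",
          "PolicySetCombinerParameters"}

class UnsupportedPolicy(Exception):
    """Raised when the PolicySet carries content this PDP cannot evaluate."""

def split_qname(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def route_policy_set(xml_text, foreign_engines):
    """Return [(engine, element_name), ...] for the policy-bearing children.

    foreign_engines maps a namespace URI to the engine that evaluates it.
    Any child outside that allowlist aborts processing (fail closed), so an
    unknown policy format is never silently skipped.
    """
    root = ET.fromstring(xml_text)
    if split_qname(root.tag) != (XACML_NS, "PolicySet"):
        raise UnsupportedPolicy("root element is not xacml:PolicySet")
    routed = []
    for child in root:
        ns, local = split_qname(child.tag)
        if ns == XACML_NS and local in CHOICE:
            routed.append(("xacml", local))
        elif ns == XACML_NS and local in FIXED:
            continue  # structural element, not a policy to route
        elif ns in foreign_engines:
            routed.append((foreign_engines[ns], local))
        else:
            raise UnsupportedPolicy(f"no engine for {{{ns}}}{local}")
    return routed

# Constructed sample: one XACML Policy plus one hypothetical Prolog policy.
SAMPLE = f"""<PolicySet xmlns="{XACML_NS}" PolicySetId="urn:example:ps1"
    PolicyCombiningAlgId="urn:example:combining-alg">
  <Target/>
  <Policy PolicyId="urn:example:p1" RuleCombiningAlgId="urn:example:rule-alg"><Target/></Policy>
  <tp:TrustPolicy xmlns:tp="urn:example:trust-policy">trusted(X) :- reputation(X, R), R > 0.8.</tp:TrustPolicy>
</PolicySet>"""

if __name__ == "__main__":
    print(route_policy_set(SAMPLE, {"urn:example:trust-policy": "prolog-trust"}))
```

Calling `route_policy_set` with an empty engine map on the same sample raises `UnsupportedPolicy` instead of evaluating only the XACML part.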