Subject: Re: [xacml] [Fwd: Useful change to XACML Schema]
Hi Erik,

sorry I missed the conference call today by an hour, at which this topic was presumably discussed.

My answer is yes, we will carry the policies in the SAML profile of XACML (CD version 16 April 2009), in the <xacml-saml:ReferencedPolicies> element. But this element only allows XACML policies and policy sets. This is why we need policy set to be extended to allow any policies of any type to be included.

regards

David

Erik Rissanen wrote:
> David,
>
> Why don't you put the policies into the enclosing transport protocol
> which you use to transmit the XACML request context? It would be
> analogous to the SAML profile request/response format which is defined
> by XACML. Even XACML itself does not put policies into the request
> context. They are part of the XACML/SAML wrapper protocol units.
>
> Best regards,
> Erik
>
> David Chadwick wrote:
>> Dear List
>>
>> In the EC TAS3 project we have a requirement to be able to dynamically
>> pass policies to PDPs, but the policies won't always be written in the
>> XACML language. e.g. we have a behavioural trust engine where the
>> policy language is written in SWI-Prolog. However we still want to use
>> the XACML request response context to pass the policy. We believe that
>> a simple addition of a new extension point to the PolicySet element
>> will allow alternative Policy formats to be included in the request.
>> The way to accomplish this can be by adding an extension point to the
>> xs:choice element to allow any element in any Namespace to be added to
>> the request. The Specification should then make clear that the
>> extension point should only be used to define Policy related elements.
>>
>> Modified PolicySet Schema:
>>
>> <xs:complexType name="PolicySetType">
>>   <xs:sequence>
>>     <xs:element ref="xacml:Description" minOccurs="0"/>
>>     <xs:element ref="xacml:PolicySetDefaults" minOccurs="0"/>
>>     <xs:element ref="xacml:Target"/>
>>     <xs:choice minOccurs="0" maxOccurs="unbounded">
>>       <xs:element ref="xacml:PolicySet"/>
>>       <xs:element ref="xacml:Policy"/>
>>       <xs:element ref="xacml:PolicySetIdReference"/>
>>       <xs:element ref="xacml:PolicyIdReference"/>
>>       <xs:element ref="xacml:CombinerParameters"/>
>>       <xs:element ref="xacml:PolicyCombinerParameters"/>
>>       <xs:element ref="xacml:PolicySetCombinerParameters"/>
>>       * <!-- Extension Point for defining Authorisation
>>              Policies in different namespaces -->
>>       <xs:element ref="xs:any"/>*
>>     </xs:choice>
>>     <xs:element ref="xacml:Obligations" minOccurs="0"/>
>>   </xs:sequence>
>>   <xs:attribute name="PolicySetId" type="xs:anyURI"
>>                 use="required"/>
>>   <xs:attribute name="Version" type="xacml:VersionType"
>>                 default="1.0"/>
>>   <xs:attribute name="PolicyCombiningAlgId" type="xs:anyURI"
>>                 use="required"/>
>> </xs:complexType>
>>
>> Regards
>>
>> David
>>
>> *****************************************************************
>> David W. Chadwick, BSc PhD
>> Professor of Information Systems Security
>> The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
>> Skype Name: davidwchadwick
>> Tel: +44 1227 82 3221
>> Fax +44 1227 762 811
>> Mobile: +44 77 96 44 7184
>> Email: D.W.Chadwick@kent.ac.uk
>> Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
>> Research Web site:
>> http://www.cs.kent.ac.uk/research/groups/iss/index.html
>> Entrust key validation string: MLJ9-DU5T-HV8J
>> PGP Key ID is 0xBC238DE5
>>
>> *****************************************************************
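An added example, not part of the original thread: an extension point that admits any element in any namespace cannot by itself restrict content to policy-related elements, so the receiving PDP has to enforce that restriction. The Python sketch below classifies the children of a PolicySet and rejects extension elements whose namespace is not on an allow-list; the XACML 2.0 policy namespace, the `urn:example:...` namespaces, the `PrologPolicy` element and all function names are assumptions.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

XACML_NS = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"  # assumption: XACML 2.0
TRUSTED_POLICY_NS = {"urn:example:tas3:prolog-policy"}  # hypothetical allow-list

# Element names PolicySetType already permits (from the schema quoted in the thread).
NATIVE = {"Description", "PolicySetDefaults", "Target", "Obligations",
          "PolicySet", "Policy", "PolicySetIdReference", "PolicyIdReference",
          "CombinerParameters", "PolicyCombinerParameters",
          "PolicySetCombinerParameters"}

# Constructed sample: one native reference plus one foreign-namespace policy.
SAMPLE = """<PolicySet xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
    PolicySetId="urn:example:ps1"
    PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
  <Target/>
  <PolicyIdReference>urn:example:p1</PolicyIdReference>
  <pl:PrologPolicy xmlns:pl="urn:example:tas3:prolog-policy">trusted(X) :- rating(X, high).</pl:PrologPolicy>
</PolicySet>"""
ROGUE = SAMPLE.replace("urn:example:tas3:prolog-policy", "urn:example:unknown")


def split_qname(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def classify_children(policy_set_xml):
    """Return (native element names, foreign (ns, name) pairs) or raise ValueError."""
    root = ET.fromstring(policy_set_xml)
    if split_qname(root.tag) != (XACML_NS, "PolicySet"):
        raise ValueError("root is not an XACML PolicySet")
    native, foreign = [], []
    for child in root:
        ns, local = split_qname(child.tag)
        if ns == XACML_NS and local in NATIVE:
            native.append(local)
        elif ns in TRUSTED_POLICY_NS:
            foreign.append((ns, local))  # hand to the evaluator registered for ns
        else:
            raise ValueError(f"rejected element {local!r} in namespace {ns!r}")
    return native, foreign


if __name__ == "__main__":
    print(classify_children(SAMPLE))
    try:
        classify_children(ROGUE)
    except ValueError as err:
        print("rejected:", err)
```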