
xacml message



Subject: The new combined decisions text


All,

Here is the updated text which I have put in the specs on the combined 
decision.

Please review this now, so we don't need to make another round of an 
updated spec on Jan 7.

Core schema:

<xs:complexType name="RequestType">
  <xs:sequence>
    <xs:element ref="xacml:RequestDefaults" minOccurs="0"/>
    <xs:element ref="xacml:Attributes" maxOccurs="unbounded"/>
    <xs:element ref="xacml:MultiRequests" minOccurs="0"/>
  </xs:sequence>
  <xs:attribute name="ReturnPolicyIdList" type="xs:boolean" use="required" />
  <xs:attribute name="CombinedDecision" type="xs:boolean" use="required" />
</xs:complexType>

The entire text of multiple profile, section 3:

3 Requests for a combined decision
{Optional}

A request for multiple decisions as specified by any of the schemes in 
section 2 MAY in addition specify that the Individual Decisions be 
combined into a single aggregated decision and that only this single 
combined decision will be returned to the PEP.

If the CombinedDecision attribute of the initial <Request> is True, then 
the <Response> MUST contain only a single combined decision in a single 
<Result> element, and the following apply to the combined decision, in 
the given order.

1. There MUST NOT be any <Attributes> elements in the combined <Result>.

2. If any of the individual results to be combined contain any 
obligations or advice, then the combined decision MUST be Indeterminate, 
with status code urn:oasis:names:tc:xacml:1.0:status:processing-error.

3. If all the individual results to be combined have the same decision 
value (Permit, Deny, NotApplicable or Indeterminate), then the combined 
decision MUST be equal to this common decision value. If the common 
decision value is Indeterminate, then the status code MUST be 
urn:oasis:names:tc:xacml:1.0:status:processing-error. If the common 
decision value is not Indeterminate, then the status code MUST be 
urn:oasis:names:tc:xacml:1.0:status:ok.

4. Otherwise the combined Decision MUST be Indeterminate, with status 
code urn:oasis:names:tc:xacml:1.0:status:processing-error.

3.1 Profile URI

The following URI SHALL be used as the URI identifier for the 
functionality specified in this Section of this Profile. This identifier 
represents metadata about this specification and implementations 
implementing this specification. This identifier MAY be used to describe 
capabilities of an implementation or to make other references to this 
specification.

• urn:oasis:names:tc:xacml:3.0:profile:multiple:combined-decision

Best regards,
Erik
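
Added example, not part of the message above or of the specification text: a Python sketch of rules 1 to 4 of section 3, applied in the given order to a set of Individual Decisions. The Result class, the combine function, the sample batches and the rejection of an empty input are assumptions made for illustration.

```python
from dataclasses import dataclass, field

STATUS_OK = "urn:oasis:names:tc:xacml:1.0:status:ok"
STATUS_PROCESSING_ERROR = "urn:oasis:names:tc:xacml:1.0:status:processing-error"
DECISIONS = {"Permit", "Deny", "NotApplicable", "Indeterminate"}


@dataclass
class Result:
    """Hypothetical in-memory stand-in for a XACML <Result> element."""
    decision: str
    status_code: str = STATUS_OK
    obligations: list = field(default_factory=list)
    advice: list = field(default_factory=list)
    attributes: list = field(default_factory=list)


def combine(individual):
    """Apply rules 1-4 of section 3, in the given order, to the Individual Decisions."""
    if not individual:
        # Assumption: the text does not cover an empty set, so refuse it.
        raise ValueError("no individual results to combine")
    if any(r.decision not in DECISIONS for r in individual):
        raise ValueError("unknown decision value")

    def indeterminate():
        return Result("Indeterminate", STATUS_PROCESSING_ERROR)

    # Rule 1: every Result built here leaves `attributes` empty.
    # Rule 2: any obligations or advice force Indeterminate, even if all decisions agree.
    if any(r.obligations or r.advice for r in individual):
        return indeterminate()
    # Rule 3: a unanimous decision is passed through; status depends on its value.
    values = {r.decision for r in individual}
    if len(values) == 1:
        decision = values.pop()
        if decision == "Indeterminate":
            return indeterminate()
        return Result(decision, STATUS_OK)
    # Rule 4: any disagreement yields Indeterminate.
    return indeterminate()


# Constructed sample inputs (not taken from the specification).
ALL_PERMIT = [Result("Permit"), Result("Permit", attributes=["resource-1"])]
MIXED = [Result("Permit"), Result("NotApplicable")]
PERMIT_WITH_OBLIGATION = [Result("Permit"), Result("Permit", obligations=["urn:example:obligation:log"])]

if __name__ == "__main__":
    for name, batch in [("all permit", ALL_PERMIT), ("mixed", MIXED), ("obligation", PERMIT_WITH_OBLIGATION)]:
        combined = combine(batch)
        print(name, "->", combined.decision, combined.status_code)
```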



