Subject: Re: [xacml] xacml combiner alg extension points
On Tue, 3 Feb 2004, Michiharu Kudoh wrote:
> Hi, Polar, Simon
>
> Is the following example what you are suggesting?
>
> <Policy algid="priority-rule-combo-algo">
> <CombinerParameters>
> <CombinerParameter ParameterName="priority">10
> </CombinerParameter>
> <CombinerParameter ParameterName="priority">5
> </CombinerParameter>
> </CombinerParameters>
> <Rule effect="permit">... rule 1...</Rule>
> <Rule effect="permit">... rule 2 ...</Rule>
> </Policy>
>
> (The first rule has priority 10 and the second rule has priority 5)
> If so, this would satisfy my requirements.
As long as it is understood that the above approach is just one approach,
depending on how you define your combining algorithm.
<Policy algid="priority-rule-combo-algo2">
<CombinerParameters>
<CombinerParameter ParameterName="priority">10
</CombinerParameter>
</CombinerParameters>
<Rule effect="permit">... rule 1...</Rule>
<CombinerParameters>
<CombinerParameter ParameterName="priority">5
</CombinerParameter>
</CombinerParameters>
<Rule effect="permit">... rule 2 ...</Rule>
</Policy>
In general is another valid approach.
Are we agreed?
A syntax clarification related to types. Must a CombinerParameter of an
integer value be represented as an AttributeValue? Such as:
<CombinerParameters>
<CombinerParameter ParameterName="priority">
<AttributeValue DataType="....#integer">10</AttributeValue>
</CombinerParameter>
</CombinerParameters>
Should they be allowed to be expressions?
Cheers,
-Polar
>
> Best,
> Michiharu
>
> "Simon Godik" <simon.godik@overxeer.com>
> 2004/02/03 16:28
> To: <xacml@lists.oasis-open.org>
> cc:
> Subject: [xacml] xacml combiner alg extension points
>
> xacml extension points proposal.
>
> Polar pointed out that previous xacml extension proposal is somewhat
> misleading with its use of
> @MustUnderstand attribute and where parameters are interpreted.
>
> Here is a cleaned up version, hopefully.
>
> Proposal:
>
> Allow element of type <xacml:CombinerParametersType> as an optional child
> of <xacml:PolicySet> and <xacml:Policy> elements.
> <xacml:CombinerParameters> element contains a list of parameters specific
> to the enclosing combining algorithm. Combiner parameters are input to the
> combining algorithm only and can not be directly interpreted by the pdp.
>
> Schema:
> <xs:element name="CombinerParameters" type="xacml:CombinerParametersType"/>
> <xs:complexType name="CombinerParametersType">
> <xs:sequence>
> <xs:element ref="xacml:CombinerParameter" minOccurs="0"
> maxOccurs="unbounded"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="CombinerParameter" type="xacml:CombinerParameterType"/>
> <xs:complexType name="CombinerParameterType">
> <xs:sequence>
> <xs:any namespace="##any" processContents="lax" minOccurs="0"
> maxOccurs="unbounded"/>
> </xs:sequence>
> <xs:attribute name="ParameterName" type="string" use="required"/>
> </xs:complexType>
>
> Simon
>
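
The two layouts in this message, plus the typed AttributeValue form, bound to rules by a parser that has to be told which layout the combining algorithm defines and rejects a policy written in the other one. This is an added example, not code from the thread or from the XACML specification; the layout names, the RuleId values, the deny effect and the highest-priority-wins algorithm are assumptions.

```python
import xml.etree.ElementTree as ET

def param_value(param):
    # itertext() reads both the bare form ("10") and a nested <AttributeValue>.
    return int("".join(param.itertext()).strip())

def priorities(block):
    return [param_value(p) for p in block.findall("CombinerParameter")
            if p.get("ParameterName") == "priority"]

def bind_priorities(policy_xml, layout):
    """Return [(priority, rule)]; layout is "positional" (one leading block,
    i-th parameter -> i-th Rule) or "preceding" (block applies to next Rule)."""
    bound, pending = [], []
    for child in ET.fromstring(policy_xml):
        if child.tag == "CombinerParameters":
            if pending or (layout == "positional" and bound):
                raise ValueError("unexpected CombinerParameters block")
            pending += priorities(child)
        elif child.tag == "Rule":
            if not pending:
                raise ValueError("Rule with no priority bound to it")
            bound.append((pending.pop(0), child))
            if layout == "preceding" and pending:
                raise ValueError("several priorities before one Rule")
    if pending:
        raise ValueError("priority left over with no Rule to bind to")
    return bound

def combine(policy_xml, layout, applicable_ids):
    # Assumed algorithm: the applicable rule with the highest priority decides.
    ranked = sorted(bind_priorities(policy_xml, layout), key=lambda b: -b[0])
    for _, rule in ranked:
        if rule.get("RuleId") in applicable_ids:
            return rule.get("effect")
    return "NotApplicable"

# Constructed samples: RuleId values and the deny effect are made up.
P10 = '<CombinerParameter ParameterName="priority">10</CombinerParameter>'
P5 = ('<CombinerParameter ParameterName="priority"><AttributeValue '
      'DataType="....#integer">5</AttributeValue></CombinerParameter>')
R1, R2 = '<Rule RuleId="r1" effect="deny"/>', '<Rule RuleId="r2" effect="permit"/>'
GROUPED = (f'<Policy algid="priority-rule-combo-algo"><CombinerParameters>{P10}{P5}'
           f'</CombinerParameters>{R1}{R2}</Policy>')
INTERLEAVED = (f'<Policy algid="priority-rule-combo-algo2"><CombinerParameters>{P10}'
               f'</CombinerParameters>{R1}<CombinerParameters>{P5}'
               f'</CombinerParameters>{R2}</Policy>')
```

Reading a policy with the wrong layout raises ValueError instead of silently binding priorities to the wrong rules, which would change the decision.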