MHonArc v2.5.0b2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [xacml] xacml combiner alg extension points
On Wed, 4 Feb 2004, Michiharu Kudoh wrote:
> Hi, Polar
>
> >As long as it is understood that the above approach is just one approach,
> >depending on how you define your combining algorithm.
>
> I agree.
>
> >In general is another valid approach.
> >Are we agreed?
>
> also agree.
>
> > <CombinerParameters>
> > <CombinerParameter ParameterName="priority">
> > <AttributeValue DataType="....#integer">10</AttributeValue>
> > </CombinerParameter>
> > </CombinerParameters>
>
> I think typed parameter is better.
> How about borrowing syntax for general attribute?
>
> <CombinerParameters>
> <Attribute AttributeId="priority">
> <AttributeValue DataType="...#integer>10</AttributeValue>
> </Attribute>
> </CombinerParameters>
Actually I would like to see a more general aspect for values within a
Parameter. There is no reason these parameters cannot be full fledged
expressions as well.
I was hoping that we can come up with a XML type structure that will allow
an AttributeValue, Apply, Designator, Selector, Function, elements be
extensions of the same type, such as <ExpressionType>. But I'm not familar
enough with the idosyncrasies of XML schemas to know if that can be done.
It looks pretty convoluted.
Cheers,
-Polar
> Best,
> Michiharu
>
>
>
>
> Polar Humenn
> <polar@syr.edu>
> To
> 2004/02/04 01:15 Michiharu Kudoh/Japan/IBM@IBMJP
> cc
> Simon Godik
> <simon.godik@overxeer.com>,
> xacml@lists.oasis-open.org
> Subject
> Re: [xacml] xacml combiner alg
> extension points
>
>
>
>
>
>
>
>
>
>
>
> On Tue, 3 Feb 2004, Michiharu Kudoh wrote:
>
> > Hi, Polar, Simon
> >
> > Is the following example what you are suggesting?
> >
> > <Policy algid="priority-rule-combo-algo">
> > <CombinerParameters>
> > <CombinerParameter ParameterName="priority">10
> > </CombinerParameter>
> > <CombinerParameter ParameterName="priority">5
> > </CombinerParameter>
> > </CombinerParameters>
> > <Rule effect="permit">... rule 1...</Rule>
> > <Rule effect="permit">... rule 2 ...</Rule>
> > </Policy>
> >
> > (The first rule has priority 10 and the second rule has priority 5)
> > If so, this would satisfy my requirements.
>
> As long as it is understood that the above approach is just one approach,
> depending on how you define your combining algorithm.
>
> <Policy algid="priority-rule-combo-algo2">
> <CombinerParameters>
> <CombinerParameter ParameterName="priority">10
> </CombinerParameter>
> </CombinerParameters>
> <Rule effect="permit">... rule 1...</Rule>
> <CombinerParameters>
> <CombinerParameter ParameterName="priority">5
> </CombinerParameter>
> </CombinerParameters>
> <Rule effect="permit">... rule 2 ...</Rule>
> </Policy>
>
> In general is another valid approach.
> Are we agreed?
>
> A syntax clarification related to types. Must a CombinerParameter of a
> integer value represented as an AttributeValue? Sucb as:
>
> <CombinerParameters>
> <CombinerParameter ParameterName="priority">
> <AttributeValue DataType="....#integer">10</AttributeValue>
> </CombinerParameter>
> </CombinerParameters>
>
> Should they be allowed to be expressions?
>
> Cheers,
> -Polar
>
> >
> > Best,
> > Michiharu
> >
> >
> >
> >
> > "Simon Godik"
> > <simon.godik@over
> > xeer.com>
> To
> > <xacml@lists.oasis-open.org>
> > 2004/02/03 16:28
> cc
> >
> >
> Subject
> > [xacml] xacml combiner alg
> > extension points
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > xacml extension points proposal.
> >
> > Polar pointed out that previous xacml extension proposal is somewhat
> > misleading with it's use of
> > @MustUnderstand attribute and where parameters are interpreted.
> >
> > Here is cleaned up version, hopefully.
> >
> > Proposal:
> >
> > Allow element of type <xacml:CombinerParametersType> as an optional child
> > of <xacml:PolicySet> and <xacml:Policy> elements.
> > <xacml:CombinerParameters> element contains a list of parameters specific
> > to the enclosing combining algorithm. Combiner parameters are input to
> the
> > combining algorithm only and can not be directly interpreted by the pdp.
> >
> > Schema:
> > <xs:element name="CombinerParameters"
> type="xacml:CombinerParametersType"/>
> > <xs:complexType name="CombinerParametersType">
> > <xs:sequence>
> > <xs:element ref="xacml:CombinerParameter" minOccurs="0"
> > maxOccurs="unbounded"/>
> > </xs:sequence>
> > </xs:complexType>
> > <!-- -->
> > <xs:element name="CombinerParameter" type="xacml:CombinerParameterType"/>
> > <xs:complexType name="CombinerParameterType">
> > <xs:sequence>
> > <xs:any namespace="##any" processContents="lax" minOccurs="0"
> > maxOccurs="unbounded"/>
> > </xs:sequence>
> > <xs:attribute name="ParameterName" type="string" use="required"/>
> > </xs:complexType>
> >
> > Simon
> >
> >
> >
> > To unsubscribe from this mailing list (and be removed from the roster of
> the OASIS TC), go to
> http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php
> .
> >
>
> To unsubscribe from this mailing list (and be removed from the roster of
> the OASIS TC), go to
> http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php
> .
>
>
>
>
> To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php.
>
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]