OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only
Back to discussions
Expand all | Collapse all

Re: [xacml] xacml combiner alg extension points

  • 1.  Re: [xacml] xacml combiner alg extension points

    Posted 02-03-2004 11:25 
     MHonArc v2.5.0b2 -->


















    xacml message
    







    [Date Prev]
 | [Thread Prev]
 | [Thread Next]
 | [Date Next]

--

[Date Index]
 | [Thread Index]
 | [List Home]
    


    







    Subject: Re: [xacml] xacml combiner alg extension points
    







    



    



Hi, Polar, Simon

Is the following example what you are suggesting?

<Policy algid="priority-rule-combo-algo">
  <CombinerParameters>
    <CombinerParameter ParameterName="priority">10
    </CombinerParameter>
    <CombinerParameter ParameterName="priority">5
    </CombinerParameter>
  </CombinerParameters>
  <Rule effect="permit">... rule 1...</Rule>
  <Rule effect="permit">... rule 2 ...</Rule>
</Policy>

(The first rule has priority 10 and the second rule has priority 5)
If so, this would satisfy my requirements.

Best,
Michiharu



                                                                           
             "Simon Godik"                                                 
             <simon.godik@over                                             
             xeer.com>                                                  To 
                                       <xacml@lists.oasis-open.org>        
             2004/02/03 16:28                                           cc 
                                                                           
                                                                   Subject 
                                       [xacml] xacml combiner alg          
                                       extension points                    
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




xacml extension points proposal.

Polar pointed out that previous xacml extension proposal is somewhat
misleading with it's use of
@MustUnderstand attribute and where parameters are interpreted.

Here is cleaned up version, hopefully.

Proposal:

Allow element of type <xacml:CombinerParametersType> as an optional child
of <xacml:PolicySet> and <xacml:Policy> elements.
<xacml:CombinerParameters> element contains a list of parameters specific
to the enclosing combining algorithm. Combiner parameters are input to the
combining algorithm only and can not be directly interpreted by the pdp.

Schema:
<xs:element name="CombinerParameters" type="xacml:CombinerParametersType"/>
<xs:complexType name="CombinerParametersType">
<xs:sequence>
<xs:element ref="xacml:CombinerParameter" minOccurs="0"
maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- -->
<xs:element name="CombinerParameter" type="xacml:CombinerParameterType"/>
<xs:complexType name="CombinerParameterType">
<xs:sequence>
<xs:any namespace="##any" processContents="lax" minOccurs="0"
maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="ParameterName" type="string" use="required"/>
</xs:complexType>

Simon



    





    








    


    [Date Prev]
 | [Thread Prev]
 | [Thread Next]
 | [Date Next]

--

[Date Index]
 | [Thread Index]
 | [List Home]


Related Content