OASIS eXtensible Access Control Markup Language (XACML) TC

  • 1.  [xacml] New target schema

    Posted 07-15-2002 19:12
    Title: New target schema

    Colleagues - What do people think of this? ...

    1. Treats "action" in a way that is identical to the other components of target.
    2. Doesn't have a reserved value to indicate 'all'.  The value of Attribute and the MatchFunction have to be chosen to indicate 'all', if that is what is desired.
    3. All the equality operators are included.  Perhaps some should not be allowed for the purposes of target.
    4. Function will extend the MatchFunction list.
    5. Do the function enumeration values have to be URIs?  A string like "numeric-equal" would be more succinct.  If we feel that function definitions would need a namespace qualifier, then we might as well leave the function name as a URI.
    6. String-match uses the regular expression syntax.

    Let me have your thoughts.

    All the best.  Tim.

    <xs:complexType name="TargetType">
            <xs:sequence>
                    <xs:element name="Subjects" type="xacml:MatchType" maxOccurs="unbounded"/>
                    <xs:element name="Resources" type="xacml:MatchType" maxOccurs="unbounded"/>
                    <xs:element name="Actions" type="xacml:MatchType" maxOccurs="unbounded"/>
            </xs:sequence>
    </xs:complexType>
    <!-- -->
    <xs:complexType name="MatchType">
            <xs:sequence>
                    <xs:element ref="xacml:AttributeDesignator"/>
                    <xs:element ref="xacml:Attribute"/>
            </xs:sequence>
            <xs:attribute name="Match" type="xacml:MatchFunctionType"/>
    </xs:complexType>
    <!-- -->
    <xs:simpleType name="MatchFunctionType">
            <xs:restriction base="xs:anyURI">
                    <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:numeric-equal"/>
                    <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:boolean-equal"/>
                    <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:string-equal"/>
                    <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:date-equal"/>
                    <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:time-equal"/>
                    <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:datetime-equal"/>
                    <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:yearMonthDuration-equal"/>
                    <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:dayTimeDuration-equal"/>
                    <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:gregorian-equal"/>
                    <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:hex-binary-equal"/>
                    <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:base64-binary-equal"/>
                    <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:anyURI-equal"/>
                    <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:QName-equal"/>
                    <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:NOTATION-equal"/>
                    <xs:enumeration value="urn:oasis:names:tc:XACML:0.15g:operator:string-match"/>
            </xs:restriction>
    </xs:simpleType>

    -----------------------------------------
    Tim Moses
    Tel: 613.270.3183
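
An added example, not part of the original post or of the TC's drafts: a minimal Python evaluator for a target shaped like the proposed TargetType, showing 'all' expressed as a string-match on ".*" (point 2) and an unrecognised MatchFunction URI rejected rather than treated as a match. The attribute names, the "any entry within a component, all three components" semantics and whole-value regular expression matching are assumptions, since the post does not define them.

```python
import re

# Operator URN prefix taken from the proposed MatchFunctionType enumeration.
OP = "urn:oasis:names:tc:XACML:0.15g:operator:"

# Only a few of the enumerated operators are modelled here.
FUNCTIONS = {
    OP + "string-equal": lambda policy, request: policy == request,
    OP + "numeric-equal": lambda policy, request: float(policy) == float(request),
    # Assumption: the pattern must cover the whole value (fullmatch), and
    # Python's re stands in for the regular expression syntax of the post.
    OP + "string-match": lambda policy, request: re.fullmatch(policy, request) is not None,
}

def match_applies(match, request_attrs):
    """Evaluate one MatchType-like entry: (designator, function URI, value)."""
    designator, function, policy_value = match
    if function not in FUNCTIONS:
        # Fail closed: an unrecognised operator is an error, never a match.
        raise ValueError("unsupported match function: " + function)
    if designator not in request_attrs:
        return False
    return FUNCTIONS[function](policy_value, request_attrs[designator])

def target_applies(target, request_attrs):
    """Assumed semantics: within Subjects, Resources or Actions any one entry
    may match; all three components must be satisfied."""
    return all(
        any(match_applies(m, request_attrs) for m in target[component])
        for component in ("Subjects", "Resources", "Actions")
    )

# Constructed sample target; the attribute names are hypothetical.
TARGET = {
    "Subjects": [("role", OP + "string-equal", "auditor")],
    # No reserved 'all' value: 'any resource' is written as string-match ".*".
    "Resources": [("resource-id", OP + "string-match", ".*")],
    "Actions": [("action-id", OP + "string-match", "read|list")],
}

REQUEST = {"role": "auditor", "resource-id": "/ledger/2002/q2", "action-id": "read"}

if __name__ == "__main__":
    print(target_applies(TARGET, REQUEST))
```

With whole-value matching, an action of "readwrite" does not satisfy the pattern "read|list"; a substring search would accept it, which is why the matching rule for string-match needs to be pinned down in the specification.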