OASIS eXtensible Access Control Markup Language (XACML) TC


[xacml] Fwd: policy schema 16d

  • 1.  [xacml] Fwd: policy schema 16d

    Posted 08-01-2002 00:48
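    Anne Anderson Anne.Anderson@Sun.COM Internet Security Research Group, Sun Labs Sun Microsystems, Inc., Burlington, MA
    ---  Begin Message  ---
    From : Anne Anderson <aha@ieee.org>
    To : Anne.Anderson@sun.com
    Date : Wed, 31 Jul 2002 20:40:09 -0400 ()

<?xml version="1.0" encoding="UTF-8"?>
<!--
  XACML policy schema, draft 0.16d.
  Target namespace: urn:oasis:names:tc:xacml:0.16d:policy (prefix xacml).

  The xs prefix has to be bound to exactly http://www.w3.org/2001/XMLSchema.
  Any extra character in that URI, or stray text inside the start tag, stops
  a schema processor from accepting this document as a schema at all.

  The function prefix is declared but not used by any declaration below;
  presumably MatchId and FunctionId values (both xs:QName) are written with
  it. TODO confirm against the accompanying function table.
-->
<xs:schema targetNamespace="urn:oasis:names:tc:xacml:0.16d:policy"
           xmlns:function="urn:oasis:names:tc:xacml:0.16d:function"
           xmlns:xs="http://www.w3.org/2001/XMLSchema"
           xmlns:xacml="urn:oasis:names:tc:xacml:0.16d:policy"
           elementFormDefault="qualified"
           attributeFormDefault="unqualified">

  <!--
    PolicySet: a repeatable choice of identifiers, defaults, nested policy
    sets and policies, in any order and any number (at least one child).
    NOTE(review): nothing here requires a PolicySetId or limits it to one,
    and the type declares no attributes, so no combining algorithm is named
    at this level. PolicySet nests inside itself, so the schema does not
    bound nesting depth; a consumer needs its own limit.
  -->
  <xs:element name="PolicySet" type="xacml:PolicySetType"/>
  <xs:complexType name="PolicySetType">
    <xs:choice maxOccurs="unbounded">
      <xs:element name="PolicySetId" type="xs:anyURI"/>
      <xs:element name="PolicyId" type="xs:anyURI"/>
      <xs:element ref="xacml:Defaults" minOccurs="0"/>
      <xs:element ref="xacml:PolicySet"/>
      <xs:element ref="xacml:Policy"/>
    </xs:choice>
  </xs:complexType>

  <!-- Defaults: optional settings; the only one declared is XPathVersion. -->
  <xs:element name="Defaults" type="xacml:DefaultsType"/>
  <xs:complexType name="DefaultsType">
    <xs:sequence>
      <xs:element ref="xacml:XPathVersion" minOccurs="0"/>
    </xs:sequence>
  </xs:complexType>

  <!-- XPathVersion: a URI; the schema does not restrict its value. -->
  <xs:element name="XPathVersion" type="xs:anyURI"/>

  <!--
    Policy: optional Description and Defaults, then a required Target, one
    or more RuleSet elements and optional Obligations, in that order.
    PolicyId and RuleCombiningAlgId are both required attributes.
  -->
  <xs:element name="Policy" type="xacml:PolicyType"/>
  <xs:complexType name="PolicyType">
    <xs:sequence>
      <xs:element ref="xacml:Description" minOccurs="0"/>
      <xs:element ref="xacml:Defaults" minOccurs="0"/>
      <xs:element ref="xacml:Target"/>
      <xs:element ref="xacml:RuleSet" maxOccurs="unbounded"/>
      <xs:element ref="xacml:Obligations" minOccurs="0"/>
    </xs:sequence>
    <xs:attribute name="PolicyId" type="xs:anyURI" use="required"/>
    <xs:attribute name="RuleCombiningAlgId" type="xs:anyURI" use="required"/>
  </xs:complexType>

  <!-- Description: free text, shared by Policy and Rule. -->
  <xs:element name="Description" type="xs:string"/>

  <!-- RuleSet: one or more inline Rule or RuleDesignator children, in any order. -->
  <xs:element name="RuleSet" type="xacml:RuleSetType"/>
  <xs:complexType name="RuleSetType">
    <xs:choice maxOccurs="unbounded">
      <xs:element ref="xacml:Rule"/>
      <xs:element ref="xacml:RuleDesignator"/>
    </xs:choice>
  </xs:complexType>

  <!--
    RuleDesignator: names a rule by RuleId and/or RuleDigest.
    NOTE(review): both children are optional, so an empty RuleDesignator
    validates. A consumer should reject a designator that identifies nothing.
  -->
  <xs:element name="RuleDesignator" type="xacml:RuleDesignatorType"/>
  <xs:complexType name="RuleDesignatorType">
    <xs:sequence>
      <xs:element ref="xacml:RuleId" minOccurs="0"/>
      <xs:element ref="xacml:RuleDigest" minOccurs="0"/>
    </xs:sequence>
  </xs:complexType>

  <!-- RuleId: URI identifier of a rule. -->
  <xs:element name="RuleId" type="xs:anyURI"/>

  <!--
    RuleDigest: digest algorithm name plus base64 digest value.
    NOTE(review): DigestAlgId is a free string defaulting to SHA-1, and
    neither attribute is required, so a RuleDigest with no digest value
    validates. If the digest is what binds a designator to a specific rule
    body (presumably its purpose; confirm against the specification text),
    the consumer should require Base64Digest, restrict DigestAlgId to an
    allow-list, and not rely on SHA-1 for collision resistance.
  -->
  <xs:element name="RuleDigest" type="xacml:RuleDigestType"/>
  <xs:complexType name="RuleDigestType">
    <xs:attribute name="DigestAlgId" type="xs:string" default="SHA-1"/>
    <xs:attribute name="Base64Digest" type="xs:base64Binary"/>
  </xs:complexType>

  <!--
    Rule: required RuleId and Effect; Description, Target and Condition are
    all optional, so a Rule carrying only an Effect validates. How such a
    rule is evaluated is not expressed in this schema.
  -->
  <xs:element name="Rule" type="xacml:RuleType"/>
  <xs:complexType name="RuleType">
    <xs:sequence>
      <xs:element ref="xacml:Description" minOccurs="0"/>
      <xs:element ref="xacml:Target" minOccurs="0"/>
      <xs:element ref="xacml:Condition" minOccurs="0"/>
    </xs:sequence>
    <xs:attribute name="RuleId" type="xs:anyURI" use="required"/>
    <xs:attribute name="Effect" type="xacml:EffectType" use="required"/>
  </xs:complexType>

  <!-- EffectType: exactly Permit or Deny; also used by Obligation FulfilOn. -->
  <xs:simpleType name="EffectType">
    <xs:restriction base="xs:string">
      <xs:enumeration value="Permit"/>
      <xs:enumeration value="Deny"/>
    </xs:restriction>
  </xs:simpleType>

  <!--
    Target: Subjects, Resources and Actions, all required, in that order.
    Subjects is a global element; Resources and Actions are local ones.
  -->
  <xs:element name="Target" type="xacml:TargetType"/>
  <xs:complexType name="TargetType">
    <xs:sequence>
      <xs:element ref="xacml:Subjects"/>
      <xs:element name="Resources" type="xacml:ResourcesType"/>
      <xs:element name="Actions" type="xacml:ActionsType"/>
    </xs:sequence>
  </xs:complexType>

  <!-- Subjects: either one or more Subject matches, or a single AnySubject. -->
  <xs:element name="Subjects" type="xacml:SubjectsType"/>
  <xs:complexType name="SubjectsType">
    <xs:choice>
      <xs:element ref="xacml:Subject" maxOccurs="unbounded"/>
      <xs:element ref="xacml:AnySubject"/>
    </xs:choice>
  </xs:complexType>

  <!--
    Subject is a SubjectMatchType. AnySubject, like AnyResource and
    AnyAction below, is declared without a type, so it is xs:anyType and
    accepts arbitrary content. The Any* elements are the wildcard branch of
    each target dimension and deserve attention when a policy is reviewed.
  -->
  <xs:element name="Subject" type="xacml:SubjectMatchType"/>
  <xs:element name="AnySubject"/>

  <!-- ResourcesType: one or more Resource matches, or a single AnyResource. -->
  <xs:complexType name="ResourcesType">
    <xs:choice>
      <xs:element name="Resource" type="xacml:ResourceMatchType" maxOccurs="unbounded"/>
      <xs:element name="AnyResource"/>
    </xs:choice>
  </xs:complexType>

  <!-- ActionsType: one or more Action matches, or a single AnyAction. -->
  <xs:complexType name="ActionsType">
    <xs:choice>
      <xs:element name="Action" type="xacml:ActionMatchType" maxOccurs="unbounded"/>
      <xs:element name="AnyAction"/>
    </xs:choice>
  </xs:complexType>

  <!--
    MatchAbstractType: abstract base of all match types. MatchId (QName)
    names the match function. DataType is required and fixed.
    NOTE(review): the fixed value is the literal string xs:boolean checked
    as an xs:anyURI; the xs prefix is not resolved as a namespace prefix
    there. Presumably it states the match result type. TODO confirm.
  -->
  <xs:complexType name="MatchAbstractType" abstract="true">
    <xs:attribute name="MatchId" type="xs:QName" use="required"/>
    <xs:attribute name="DataType" type="xs:anyURI" use="required" fixed="xs:boolean"/>
  </xs:complexType>

  <!-- Match: exactly one attribute designator of any category, then an AttributeValue. -->
  <xs:element name="Match" type="xacml:MatchType"/>
  <xs:complexType name="MatchType">
    <xs:complexContent>
      <xs:extension base="xacml:MatchAbstractType">
        <xs:sequence>
          <xs:choice>
            <xs:element ref="xacml:SubjectAttributeDesignator"/>
            <xs:element ref="xacml:ResourceAttributeDesignator"/>
            <xs:element ref="xacml:ActionAttributeDesignator"/>
            <xs:element ref="xacml:EnvironmentAttributeDesignator"/>
          </xs:choice>
          <xs:element ref="xacml:AttributeValue"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- SubjectMatch: a SubjectAttributeDesignator followed by an AttributeValue. -->
  <xs:element name="SubjectMatch" type="xacml:SubjectMatchType"/>
  <xs:complexType name="SubjectMatchType">
    <xs:complexContent>
      <xs:extension base="xacml:MatchAbstractType">
        <xs:sequence>
          <xs:element ref="xacml:SubjectAttributeDesignator"/>
          <xs:element ref="xacml:AttributeValue"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- ResourceMatch: a ResourceAttributeDesignator followed by an AttributeValue. -->
  <xs:element name="ResourceMatch" type="xacml:ResourceMatchType"/>
  <xs:complexType name="ResourceMatchType">
    <xs:complexContent>
      <xs:extension base="xacml:MatchAbstractType">
        <xs:sequence>
          <xs:element ref="xacml:ResourceAttributeDesignator"/>
          <xs:element ref="xacml:AttributeValue"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- ActionMatch: an ActionAttributeDesignator followed by an AttributeValue. -->
  <xs:element name="ActionMatch" type="xacml:ActionMatchType"/>
  <xs:complexType name="ActionMatchType">
    <xs:complexContent>
      <xs:extension base="xacml:MatchAbstractType">
        <xs:sequence>
          <xs:element ref="xacml:ActionAttributeDesignator"/>
          <xs:element ref="xacml:AttributeValue"/>
        </xs:sequence>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!--
    AttributeSelectorType: a required Path attribute typed xs:anyURI.
    No element in this schema uses the type. Presumably Path holds an XPath
    expression (compare XPathVersion above); if so, a consumer evaluating it
    should treat it as untrusted input. TODO confirm.
  -->
  <xs:complexType name="AttributeSelectorType">
    <xs:attribute name="Path" type="xs:anyURI" use="required"/>
  </xs:complexType>

  <!--
    AttributeDesignatorType: AttributeId and DataType are required, Issuer
    is optional. With Issuer omitted the schema places no constraint on
    which authority supplied the attribute.
  -->
  <xs:complexType name="AttributeDesignatorType">
    <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
    <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
    <xs:attribute name="Issuer" type="xs:anyURI" use="optional"/>
  </xs:complexType>

  <!--
    SubjectAttributeDesignator: adds a required SubjectCategory and an
    optional nested SubjectMatch. SubjectMatch in turn contains a
    SubjectAttributeDesignator, so the schema does not bound nesting depth;
    a policy parser should enforce its own limit.
  -->
  <xs:element name="SubjectAttributeDesignator" type="xacml:SubjectAttributeDesignatorType"/>
  <xs:complexType name="SubjectAttributeDesignatorType">
    <xs:complexContent>
      <xs:extension base="xacml:AttributeDesignatorType">
        <xs:sequence>
          <xs:element ref="xacml:SubjectMatch" minOccurs="0"/>
        </xs:sequence>
        <xs:attribute name="SubjectCategory" type="xs:anyURI" use="required"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- Resource, action and environment designators use the base designator type unchanged. -->
  <xs:element name="ResourceAttributeDesignator" type="xacml:AttributeDesignatorType"/>
  <xs:element name="ActionAttributeDesignator" type="xacml:AttributeDesignatorType"/>
  <xs:element name="EnvironmentAttributeDesignator" type="xacml:AttributeDesignatorType"/>

  <!--
    AttributeValue: extends xs:anyType and adds a required DataType.
    Because the base is xs:anyType, any content and any further attributes
    validate; the schema does not check the value against DataType, so the
    consumer has to.
  -->
  <xs:element name="AttributeValue" type="xacml:AttributeValueType"/>
  <xs:complexType name="AttributeValueType">
    <xs:complexContent>
      <xs:extension base="xs:anyType">
        <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

  <!-- Function and Condition share one type; Condition is the form referenced from Rule. -->
  <xs:element name="Function" type="xacml:FunctionType"/>
  <xs:element name="Condition" type="xacml:FunctionType"/>

  <!--
    FunctionType: zero or more operands, each a nested Function, an
    AttributeValue or one attribute designator. FunctionId (QName) is
    required. Function nests inside Function, so expression depth is not
    bounded by the schema, and operand types are not checked here.
  -->
  <xs:complexType name="FunctionType">
    <xs:choice minOccurs="0" maxOccurs="unbounded">
      <xs:element ref="xacml:Function"/>
      <xs:element ref="xacml:AttributeValue"/>
      <xs:choice>
        <xs:element ref="xacml:SubjectAttributeDesignator"/>
        <xs:element ref="xacml:ResourceAttributeDesignator"/>
        <xs:element ref="xacml:ActionAttributeDesignator"/>
        <xs:element ref="xacml:EnvironmentAttributeDesignator"/>
      </xs:choice>
    </xs:choice>
    <xs:attribute name="FunctionId" type="xs:QName" use="required"/>
    <!-- Legal types for the first and subsequent operands are defined in the accompanying table -->
  </xs:complexType>

  <!-- Obligations: one or more Obligation elements. -->
  <xs:element name="Obligations" type="xacml:ObligationsType"/>
  <xs:complexType name="ObligationsType">
    <xs:sequence>
      <xs:element ref="xacml:Obligation" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>

  <!--
    Obligation: one or more AttributeAssignment children. ObligationId and
    FulfilOn are required; FulfilOn takes an EffectType value (Permit or Deny).
  -->
  <xs:element name="Obligation" type="xacml:ObligationType"/>
  <xs:complexType name="ObligationType">
    <xs:choice maxOccurs="unbounded">
      <xs:element ref="xacml:AttributeAssignment"/>
      <!-- xs:element ref="xacml:AttributeDesignator"/-->
    </xs:choice>
    <xs:attribute name="ObligationId" type="xs:anyURI" use="required"/>
    <xs:attribute name="FulfilOn" type="xacml:EffectType" use="required"/>
  </xs:complexType>

  <!--
    AttributeAssignment: an AttributeValue with an added AttributeId.
    NOTE(review): AttributeId has no use constraint and is therefore
    optional, so an assignment that names no attribute validates.
  -->
  <xs:element name="AttributeAssignment" type="xacml:AttributeAssignmentType"/>
  <xs:complexType name="AttributeAssignmentType">
    <xs:complexContent>
      <xs:extension base="xacml:AttributeValueType">
        <xs:attribute name="AttributeId" type="xs:anyURI"/>
      </xs:extension>
    </xs:complexContent>
  </xs:complexType>

</xs:schema>

    ---  End Message  ---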