OASIS eXtensible Access Control Markup Language (XACML) TC

[xacml] Problem Statement for "Properties for new combining algorithms"

    Posted 03-20-2003 10:59
    This is a concrete problem statement for the XACML 1.1 work item titled
    "Properties for new combining algorithms".
    
    While the spec provides an extensible framework for access control policy, the
    current schema has very limited places to be used for specifying
    application-specific information in the policy. In other words, even if the
    local developer develops a new policy/rule combining algorithm to support
    their semantics, additional information with regard to the policy must be
    placed separately from the XACML policy.
    
    For example, when you need to consider some priority among rules, it would
    be reasonable to specify the priority number inside the XACML rule (or
    policy) element. For example, <Rule @priority="5"> and
    <Rule>...<priority>5</priority>...</Rule>. The current schema definition does
    not allow such attribute or element insertion. Possible ways are to put
    that information in a <Description> element or to link such information
    using some meta information, but these are very ad hoc ways.
    
    Therefore, the XACML schema definition should be more flexible to support
    application-specific property definitions.
    
    Michiharu Kudo
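
The workaround described in the post above, as an added example that is not part of the original message or of any XACML TC material: a hypothetical priority-based rule-combining algorithm that has to recover each rule's priority from free text in `<Description>`. The policy is a constructed, namespace-free simplification, and the `priority=N` convention, the "larger number wins" ordering, the Deny-on-tie rule and all function names are assumptions of this sketch.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: simplified, namespace-free XACML-like policy.
# The priority lives in <Description> because the schema has no slot for it.
POLICY = """
<Policy PolicyId="example-policy">
  <Rule RuleId="deny-contractors" Effect="Deny">
    <Description>priority=5; block contractor access</Description>
  </Rule>
  <Rule RuleId="permit-staff" Effect="Permit">
    <Description>priority=9; staff may read</Description>
  </Rule>
  <Rule RuleId="permit-all" Effect="Permit">
    <Description>default rule, no priority given</Description>
  </Rule>
</Policy>
"""

# Assumed ad hoc convention for this sketch: "priority=<integer>" in free text.
PRIORITY_RE = re.compile(r"\bpriority\s*=\s*(\d+)\b")

def parse_rules(policy_xml):
    """Return [(rule_id, effect, priority_or_None)] for every <Rule>."""
    rules = []
    for rule in ET.fromstring(policy_xml).iter("Rule"):
        match = PRIORITY_RE.search(rule.findtext("Description", default=""))
        priority = int(match.group(1)) if match else None
        rules.append((rule.get("RuleId"), rule.get("Effect"), priority))
    return rules

def combine_by_priority(rules, applicable_ids):
    """Hypothetical combining algorithm: highest priority number wins.

    Assumptions: larger number = higher priority, Deny wins a tie, and an
    applicable rule without a parsable priority yields Indeterminate
    instead of being silently ranked.
    """
    applicable = [r for r in rules if r[0] in applicable_ids]
    if not applicable:
        return "NotApplicable"
    if any(priority is None for _, _, priority in applicable):
        return "Indeterminate"
    top = max(priority for _, _, priority in applicable)
    effects = {effect for _, effect, priority in applicable if priority == top}
    return "Deny" if "Deny" in effects else "Permit"
```

Target and condition evaluation are out of scope here, so the caller passes the set of rule ids that already matched the request. The third rule shows the fragility of the free-text approach: nothing in the schema forces a priority to be present or well formed, so the algorithm has to decide what a missing value means.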