OASIS eXtensible Access Control Markup Language (XACML) TC

imperative syntax for generalized xacml

  • 1.  imperative syntax for generalized xacml

    Posted 03-17-2005 10:56

    Subject: imperative syntax for generalized xacml


    Tim describes procedures as a 'set and sequence of isolated imperatives
    and prohibitions'. Syntactically these are sequences of do's and do-not's
    qualified by the action uri.
    
    We'd like to qualify these expressions with ordered-or, any-of, and 
    all-of semantics. These semantics are simple enough for the pep to 
    understand.
    For example, we can allow access to the system and with the 'ordered-or'
    enumerate a number of alternative actions a client must perform,
    with 'any-of' enumerate any action a client must perform etc.
    
    Imperatives can use ordered-or, any-of, all-of and prohibitions can use 
    all-of semantics.
    
    Syntactically, in addition to the imperative uri, we should be able to
    communicate a set of applicable parameters as name-value pairs.
    xacml attribute-assignment element can be used for this.
    
    <xs:element name="Do" type="xacml:ImperativeType"/>
    <xs:element name="DoNot" type="xs:anyURI"/>
    
    <xs:complexType name="ImperativeType">
      <xs:sequence>
        <xs:element ref="xacml:AttributeAssignment" minOccurs="0"
                    maxOccurs="unbounded"/>
      </xs:sequence>
      <xs:attribute name="uri" type="xs:anyURI" use="required"/>
    </xs:complexType>
    
    <xs:element name="DoSequence" type="xacml:ImperativeSequenceType"/>
    <xs:complexType name="ImperativeSequenceType">
      <xs:sequence>
        <!-- at least one imperative -->
        <xs:element ref="xacml:Do" minOccurs="1" maxOccurs="unbounded"/>
      </xs:sequence>
      <!-- ordered-or, any-of, all-of (we can define a type for it) -->
      <xs:attribute name="combination" type="xs:anyURI"/>
    </xs:complexType>
    
    <xs:complexType name="ProcedureType">
      <xs:sequence>
        <xs:element ref="xacml:DoSequence" minOccurs="0"/>
        <xs:element ref="xacml:DoNot" minOccurs="0" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
    
    The Procedure element is a child of the Conclusion element.
    
    Simon
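
One way a PEP could interpret a Procedure under the combination semantics proposed above, added here as an example; it is not part of the original message or of any XACML specification. The namespace, the combination and action URIs, the Procedure root element, the default combination, the handling of a Do that is also prohibited, and the fail-closed reading of ordered-or, any-of and all-of are all assumptions.

```python
import xml.etree.ElementTree as ET

NS = "{urn:example:generalized-xacml}"   # placeholder namespace (assumption)
COMB = "urn:example:combination:"        # placeholder combination URIs (assumption)

# Constructed Procedure instance shaped after the schema in the message.
SAMPLE = """
<Procedure xmlns="urn:example:generalized-xacml">
  <DoSequence combination="urn:example:combination:ordered-or">
    <Do uri="urn:example:action:encrypt-response">
      <AttributeAssignment AttributeId="cipher">aes-256-gcm</AttributeAssignment>
    </Do>
    <Do uri="urn:example:action:audit-log"/>
  </DoSequence>
  <DoNot>urn:example:action:cache-response</DoNot>
</Procedure>
"""

def plan(procedure_xml, supported):
    """Return (permit, imperatives_to_run, prohibited_uris) for a PEP that
    can carry out only the action URIs listed in `supported`."""
    root = ET.fromstring(procedure_xml)
    # Prohibitions always apply together (all-of): every DoNot URI is banned.
    prohibited = {e.text.strip() for e in root.findall(NS + "DoNot")}
    seq = root.find(NS + "DoSequence")
    if seq is None:                       # DoSequence is optional (minOccurs="0")
        return True, [], prohibited
    dos = [(d.get("uri"),
            {a.get("AttributeId"): a.text
             for a in d.findall(NS + "AttributeAssignment")})
           for d in seq.findall(NS + "Do")]
    # Usable = the PEP implements it and no DoNot forbids it (assumption).
    usable = [d for d in dos if d[0] in supported and d[0] not in prohibited]
    mode = seq.get("combination", COMB + "all-of")   # default is an assumption
    if mode == COMB + "all-of":
        ok, chosen = len(usable) == len(dos), dos
    elif mode in (COMB + "ordered-or", COMB + "any-of"):
        # ordered-or: first usable alternative in document order;
        # any-of: any single usable one (the first is taken here).
        ok, chosen = bool(usable), usable[:1]
    else:
        ok, chosen = False, []            # unknown combination: fail closed
    return ok, (chosen if ok else []), prohibited
```
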
    
    

