MHonArc v2.5.0b2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: imperative syntax for generalized xacml
Tim describes procedures as a 'set and sequence of isolated imperatives
and prohibitions'. Syntactically these are sequences of do's and do-not's
qualified by the action uri.
We'd like to qualify these expressions with ordered-or, any-of, and
all-of semantics. These semantics are simple enough for the pep to
understand.
For example, we can allow access to the system and with the 'ordered-or'
enumerate a number of alternative actions a client must perform,
with 'any-of' enumerate any action a client must perform etc.
Imperatives can use ordered-or, any-of, all-of and prohibitions can use
all-of semantics.
Syntactilcally, in addition to the imperative uri, we should be able to
communicate a set of applicable parameters as name-value pairs.
xacml attribute-assignment element can be used for this.
<xs:element name="Do" type="xacml:ImperativeType"/>
<xs:element name="DoNot" type="xs:anyURI"/>
<xs:complexType name="ImperativeType">
<xs:sequence>
<xs:element ref="xacml:AttributeAssignment" minOccurs="0"
maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="uri" type="xs:anyURI" use="required"/>
</xs:complexType>
<xs:element name="DoSequence" type="ImperativeSequenceType"/>
<xs:complexType name="ImperativeSequenceType">
<xs:sequence>
<xs:element ref="xacml:Do" minOccurs="1" maxOccurs="unbounded"/> ==> at
least one imperative
</xs:sequence>
<xs:attirubte name="combination" type="xs:anyURI"/> ==> ordered-or,
any-of, all-of (we can define a type for it)
</xs:complexType>
<xs:complexType name="ProcedureType">
<xs:sequence>
<xs:element ref="xacml:DoSequence" minOccurs="0"/>
<xs:element ref="xacml:DoNot" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
Procedure element is a child of Conclusion element.
Simon
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]