OASIS eXtensible Access Control Markup Language (XACML) TC

[xacml] Take 3: normative elements, identifiers, algorithms and whether mandatory

  • 1.  [xacml] Take 3: normative elements, identifiers, algorithms and whether mandatory

    Posted 08-14-2002 15:25
    [This time, attachment and corrected hyphenation for subject-category included]

    Attached is a list of all schema elements (16f.xsd), identifiers, and algorithms. Within each list, items are in alphabetical order. Each item is labelled "M" or " ", meaning "Mandatory to implement" or "normative, but not mandatory to implement", respectively. The list of identifiers includes Michiharu's additions.

    Questions:

    1. Should the following elements in the policy schema be mandatory?

       ?  xacml  AbstractDefaults (abstract)
       ?  xacml  PolicyDefaults
       ?  xacml  PolicySetDefaults

    2. Should we include xs: datatypes that we require to be supported, or do we assume all of them are mandatory?

    3. Does flagging an attribute identifier as mandatory-to-implement mean that the corresponding attribute is mandatory-to-implement? (I assume yes)

    Please let me know if these are correct. Tim, if you would like to have these labelled by the section number in version 15 of the spec, let me know.

    Anne
    --
    Anne H. Anderson               Email: Anne.Anderson@Sun.COM
    Sun Microsystems Laboratories
    1 Network Drive,UBUR02-311     Tel: 781/442-0928
    Burlington, MA 01803-0902 USA  Fax: 781/442-1692

    Title:   List of Normative XACML schema elements, identifiers, algorithms
    Author:  Anne Anderson
    Version: 1.5, 02/08/14 (yy/mm/dd)
    Source:  /net/labeast.east/files2/east/info/projects/isrg/xacml/docs/SCCS/s.mandatory.txt

    M means mandatory-to-implement

    Schema Elements
    ==============================================
    ?  xacml          AbstractDefaults (abstract)
    M  xacml          Action
    M  xacml          ActionAttributeDesignator
    M  xacml          ActionMatch
    M  xacml          Actions
    M  xacml          AnyAction
    M  xacml          AnyResource
    M  xacml          AnySubject
    M  xacml          Apply
       xacml          AttributeAssignment
       xacml          AttributeSelector
    M  xacml          AttributeValue
    M  xacml          Condition
    M  xacml          Description
    M  xacml          EnvironmentAttributeDesignator
       xacml          Obligation
       xacml          Obligations
    M  xacml          Policy
    ?  xacml          PolicyDefaults
    M  xacml          PolicyId
    M  xacml          PolicySet
    ?  xacml          PolicySetDefaults
    M  xacml          PolicySetId
    M  xacml          Resource
    M  xacml          ResourceAttributeDesignator
    M  xacml          ResourceMatch
    M  xacml          Resources
    M  xacml          Rule
    M  xacml          Subject
    M  xacml          SubjectAttributeDesignator
    M  xacml          SubjectAttributeDesignatorWhere
    M  xacml          SubjectMatch
    M  xacml          Subjects
    M  xacml          Target
       xacml          XPathVersion
    M  xacml-context  Action
    M  xacml-context  Attribute
    M  xacml-context  AttributeValue
    M  xacml-context  Decision
    M  xacml-context  Environment
       xacml-context  Obligations
    M  xacml-context  Request
    M  xacml-context  Resource
       xacml-context  ResourceContent
    M  xacml-context  Response
    M  xacml-context  Result
       xacml-context  Status
       xacml-context  StatusCode
       xacml-context  StatusDetail
       xacml-context  StatusMessage
    M  xacml-context  Subject

    Algorithms
    ==========
    M  Deny-Overrides
    M  First-Applicable
    M  Permit-Overrides

    Identifiers
    ===========
    M  urn:oasis:names:tc:xacml:1.0
    M  urn:oasis:names:tc:xacml:1.0:auth-locality:dns-name
       urn:oasis:names:tc:xacml:1.0:auth-locality:ip-address
    M  urn:oasis:names:tc:xacml:1.0:conformance-test
    M  urn:oasis:names:tc:xacml:1.0:context
    M  urn:oasis:names:tc:xacml:1.0:datatype:numeric
    M  urn:oasis:names:tc:xacml:1.0:datatype:rfc822name
    M  urn:oasis:names:tc:xacml:1.0:datatype:ufs-path
    M  urn:oasis:names:tc:xacml:1.0:datatype:x500name
    M  urn:oasis:names:tc:xacml:1.0:environment:current-time
       urn:oasis:names:tc:xacml:1.0:example:action
       urn:oasis:names:tc:xacml:1.0:example:action:read
       urn:oasis:names:tc:xacml:1.0:example:action:xml-ac
       urn:oasis:names:tc:xacml:1.0:example:attribute
       urn:oasis:names:tc:xacml:1.0:example:attribute:group
       urn:oasis:names:tc:xacml:1.0:example:attribute:role
    M  urn:oasis:names:tc:xacml:1.0:function
    M  urn:oasis:names:tc:xacml:1.0:policy
    M  urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides
    M  urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable
    M  urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides
    M  urn:oasis:names:tc:xacml:1.0:resource:resource-location
    M  urn:oasis:names:tc:xacml:1.0:resource:resource-uri
    M  urn:oasis:names:tc:xacml:1.0:resource:simple-file-name
       urn:oasis:names:tc:xacml:1.0:resource:xpath
    M  urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides
    M  urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable
    M  urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides
       urn:oasis:names:tc:xacml:1.0:status:missing-attribute
       urn:oasis:names:tc:xacml:1.0:status:ok
       urn:oasis:names:tc:xacml:1.0:status:processing-error
       urn:oasis:names:tc:xacml:1.0:status:syntax-error
    M  urn:oasis:names:tc:xacml:1.0:subject:authentication-method
    M  urn:oasis:names:tc:xacml:1.0:subject:authentication-time
    M  urn:oasis:names:tc:xacml:1.0:subject:key-info
    M  urn:oasis:names:tc:xacml:1.0:subject:request-time
    M  urn:oasis:names:tc:xacml:1.0:subject:session-start-time
    M  urn:oasis:names:tc:xacml:1.0:subject:subject-category
    M  urn:oasis:names:tc:xacml:1.0:subject:subject-id
    M  urn:oasis:names:tc:xacml:1.0:subject:subject-id-qualifier
    M  urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
       urn:oasis:names:tc:xacml:1.0:subject-category:codebase
       urn:oasis:names:tc:xacml:1.0:subject-category:intermediary-subject
       urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject
       urn:oasis:names:tc:xacml:1.0:subject-category:requesting-machine
    M  xs:Gregorian
       xs:dayTimeDuration
       xs:yearMonthDuration