OASIS eXtensible Access Control Markup Language (XACML) TC

RE: [xacml] FW: SAML AI 0076 - XACML Policy Transport

  • 1.  RE: [xacml] FW: SAML AI 0076 - XACML Policy Transport

    Posted 10-15-2003 16:02


    Subject: RE: [xacml] FW: SAML AI 0076 - XACML Policy Transport


    I think all it would take to define a generic "PolicyStatement"
    is something like the following:
    
      <xs:complexType name="PolicyStatementType">
         <xs:complexContent>
           <xs:extension base="saml:StatementAbstractType">
             <xs:sequence>
               <xs:any namespace="##any" processContents="lax"
                       minOccurs="0" maxOccurs="unbounded"/>
             </xs:sequence>
             <xs:attribute name="PolicyType" type="xs:anyURI"
                           use="required"/>
           </xs:extension>
         </xs:complexContent>
      </xs:complexType>
    
    Then add
    
      <element ref="saml:PolicyStatement"/>
    
    to the list of choices for an "AssertionType", and define
    
      <element name="PolicyStatement" type="PolicyStatementType"/>
    
    This gives SAML a generic "Policy Statement" syntax.
    
    For XACML use, we then define two "PolicyType" URIs:
    
     urn:oasis:names:tc:xacml:1.0:policy - content is an XACML Policy
     urn:oasis:names:tc:xacml:1.0:policyset - content is an XACML PolicySet
    
    Other policy languages could define other PolicyType URIs.
    
    We would define <PolicyIdQuery> and <PolicyTargetQuery> similarly.
    
    Would this be more generally useful?  I like the idea of a
    standard "Policy Statement" and "Policy Query" included in SAML.
    
    Anne
         
    On 15 October, Hal Lockhart writes: RE: [xacml] FW:  SAML AI 0076 - XACML Policy Transport
     > From: "Hal Lockhart" <hlockhar@bea.com>
     > To: <xacml@lists.oasis-open.org>
     > Subject: RE: [xacml] FW:  SAML AI 0076 - XACML Policy Transport
     > Date: Wed, 15 Oct 2003 11:39:07 -0400
     > 
     > On the SAML call yesterday (10/14) the few people who expressed an opinion
     > felt that this was more appropriate to do in XACML. They felt that if we
     > wanted to introduce an abstract "policy" element which could contain any
     > kind of policy, not just XACML and then define the XACML constructs below
     > that, it might make sense to have SAML define an abstract policy layer.
     > Otherwise the feeling was this was more appropriate to do in XACML.
     > 
     > Unless somebody feels the abstract policy layer is important, I suggest we
     > simply do it as described below. If at a future time there is a push for an
     > abstract layer, we can adjust accordingly. Doing it in the XACML TC will
     > also make it easier to deal with any interactions with other proposed 2.0
     > changes, such as to Target.
     > 
     > My feeling is that this will have to be a separate profile. Any opinions on
     > this?
     > 
     > Hal
     > 
     > >
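
An added example, not part of the original message or of any SAML or XACML schema: because the proposed content model is a lax `xs:any` wildcard, schema validation alone does not tie the `PolicyType` URI to what the statement actually carries, so a consumer has to check that itself. The helpers `check_policy_statement` and `check_assertion` and the sample assertion are hypothetical, and treating an empty statement as unusable is an assumption.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.x assertion namespace
XACML_NS = "urn:oasis:names:tc:xacml:1.0:policy"   # XACML 1.0 policy schema namespace
# PolicyType URI from the message -> root element its content must have.
EXPECTED_ROOT = {
    "urn:oasis:names:tc:xacml:1.0:policy": "{%s}Policy" % XACML_NS,
    "urn:oasis:names:tc:xacml:1.0:policyset": "{%s}PolicySet" % XACML_NS,
}

def check_policy_statement(stmt):
    """Classify one proposed PolicyStatement element (hypothetical helper)."""
    policy_type = stmt.get("PolicyType")
    if policy_type is None:
        return "missing PolicyType"
    expected = EXPECTED_ROOT.get(policy_type)
    if expected is None:
        return "unknown PolicyType"       # another policy language: do not guess
    children = list(stmt)
    if not children:
        return "empty"                    # schema-valid (minOccurs=0), carries no policy
    if any(child.tag != expected for child in children):
        return "content mismatch"         # lax wildcard let a different element through
    return "ok"

def check_assertion(xml_text):
    """Return one verdict per PolicyStatement, in document order."""
    root = ET.fromstring(xml_text)
    return [check_policy_statement(s)
            for s in root.iter("{%s}PolicyStatement" % SAML_NS)]

# Constructed sample; PolicyStatement is the element proposed in the message.
SAMPLE = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
                xmlns:x="urn:oasis:names:tc:xacml:1.0:policy">
  <saml:PolicyStatement PolicyType="urn:oasis:names:tc:xacml:1.0:policy">
    <x:Policy PolicyId="urn:example:p1"/>
  </saml:PolicyStatement>
  <saml:PolicyStatement PolicyType="urn:oasis:names:tc:xacml:1.0:policyset">
    <x:Policy PolicyId="urn:example:p2"/>
  </saml:PolicyStatement>
  <saml:PolicyStatement PolicyType="urn:example:other-language">
    <rule xmlns="urn:example:other-language"/>
  </saml:PolicyStatement>
  <saml:PolicyStatement PolicyType="urn:oasis:names:tc:xacml:1.0:policy"/>
</saml:Assertion>
"""

if __name__ == "__main__":
    for verdict in check_assertion(SAMPLE):
        print(verdict)
```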