Schema for “XACML Profile” (was: CfC: Policy Profile: XACML FPWD)

From: Dominique Hazael-Massieux <dom@w3.org>
Date: Tue, 22 Jun 2010 12:01:38 +0200
To: public-device-apis@w3.org
Message-ID: <1277200898.1845.719.camel@localhost>
On Tuesday 15 June 2010 at 14:42 +0200, Dominique Hazael-Massieux wrote:
> * 3.1 "schema" would be usefully completed with an actual schema (XML
> Schema or RelaxNG)

I've taken a first stab at writing up a schema for the schema described
in the document, mostly to help me understand what the spec describes.

Given that the document is not very clear about the structure of the
policy documents, I based it on the BONDI tests [1] using
InstanceToSchema [2].

I completed it partially with my understanding of what the spec
describes — the resulting RelaxNG (compact format) is attached.

It doesn't include documents using policy or signed-policy as a root
element (none of these were in the BONDI tests); I've manually added the
subject-attr, environment-attr, resource-attr elements, although again
they didn't appear anywhere in the BONDI tests — I'm still not sure how
they are supposed to be used in practice, actually.

It's clear the schema misses a lot of the things the prose describes; in
some ways, I'm not sure it's a bug in the schema: I think the spec
should be as minimal as possible, and things that are made possible in
the spec but haven't made it to the BONDI test suite should be examined
closely. That said, if this is helpful, I'm happy to try and complete
the schema as needed.

It's probably too early to worry about specific XML format problems
(given the scope of the other issues with that document), and this is in
no way an exhaustive review, but since I've found some problems, I
thought I might as well document them:
* first-applicable is described as a combining rule in the prose
(2.14.3), but doesn't appear as a possible value of the combine
attribute in 3.1.3
* it's not clear why there should be a separate signed-policy element -
why isn't the existence of a signature child sufficient to determine a
signed policy? also
* the Reference element referred from the signature element is not
described anywhere; maybe it refers to the XACML spec?
* the modifier functions syntax is rather awkward
(adding .nameofthefunction to the attribute value); since they only
apply to URIs, 3.1.8 should specify that the optional suffix should only
be used on attributes that take URIs as values
* the way the content (when the match attribute is missing) of the
resource-match and environment-match elements should be evaluated needs
to be specified in more detail (white-space handling, concatenation rules,
etc.)
* I really don't understand what the widget-attr:name attribute is
supposed to be, and haven't found it used in the BONDI tests
* the processing rules of what happens with unknown values, missing
attributes/elements would need to be drastically improved/completed

Dom

1. http://tests.bondi.omtp.org/tests/policy/policy/
2. http://www.xmloperator.net/i2s/

start = d1_policy-set
d1_policy-set =
  element policy-set {
    attribute combine { "deny-overrides" | "permit-overrides" | "first-matching-target" }?,
    (d1_policy-set*,
     element policy {
       attribute combine { "deny-overrides" | "permit-overrides" | "first-matching-target" | "first-applicable" }?,
       (element target {
          element subject {
            subject_match
          }+
        }?,
        element rule {
          attribute effect { "permit" | "prompt-blanket" | "prompt-session" | "prompt-oneshot" | "deny" }?,
          element condition {
            attribute combine { "and" | "or" },
            element resource-match {
              attribute attr { resource_attr_values },
              mixed {
                subject_attr?,
                resource_attr?,
                environment_attr?
              }
            }*,
            subject_match*,
            element environment-match {
              attribute attr { environment_attr_values },
              mixed {
                subject_attr?,
                resource_attr?,
                environment_attr?
              }
            }*
          }?
        }*)
     }*)
  }



subject_match = element subject-match {
              (attribute attr { suject_attr_values  },
               attribute func { "glob" | "regexp" | "equal" }?,
               attribute match { text }?),
              text
            }
suject_attr_values = xsd:string { pattern = "(class|install-uri|id|version|distributor-key-cn|distributor-key-fingerprint|distributor-key-root-cn|distributor-key-root-fingerprint|author-key-cn|author-key-fingerprint|author-key-root-cn|author-key-root-fingerprint|widget-attr:name|uri|sign-schema|uri-top|key-root-cn|key-root-fingerprint)(\.scheme|\.authority|\.scheme-authority|\.host|\.path)?" }
# param:* restrictions based on WebIDL identifiers http://dev.w3.org/2006/webapi/WebIDL/#prod-identifier
resource_attr_values = xsd:string { pattern = "(api-feature|device-cap|(param:[A-Z_a-z][0-9A-Z_a-z]*)|feature-install-uri|feature-key-cn|feature-key-root-cn|feature-key-root-fingerprint)(\.scheme|\.authority|\.scheme-authority|\.host|\.path)?" }
environment_attr_values = xsd:string { pattern = "(roaming|bearer-type)" }

subject_attr = element subject-attr {
  attribute attr { suject_attr_values }
}
resource_attr = element resource-attr {
  attribute attr { resource_attr_values }
}
environment_attr = element environment-attr {
  attribute attr { environment_attr_values }
}
# @@@ signed-policy (why?)
# @@@ missing first-applicable as policy/@combine
# applicability of modifier functions to non URIs values
Received on Tuesday, 22 June 2010 10:01:57 GMT
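
An added example, not part of the original message or its attachment: a Python check of attribute values against the patterns and enumerations in the attached RelaxNG, run on a constructed policy document. It checks attribute values only, not element structure; the function name `check_policy` and the sample policy are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Value rules transcribed from the RelaxNG attachment. XSD patterns are implicitly
# anchored, hence re.fullmatch below (these patterns behave the same in Python's re).
MOD = r"(\.scheme|\.authority|\.scheme-authority|\.host|\.path)?"
SUBJECT = ("(class|install-uri|id|version|distributor-key-cn|distributor-key-fingerprint"
           "|distributor-key-root-cn|distributor-key-root-fingerprint|author-key-cn"
           "|author-key-fingerprint|author-key-root-cn|author-key-root-fingerprint"
           "|widget-attr:name|uri|sign-schema|uri-top|key-root-cn|key-root-fingerprint)" + MOD)
RESOURCE = ("(api-feature|device-cap|(param:[A-Z_a-z][0-9A-Z_a-z]*)|feature-install-uri"
            "|feature-key-cn|feature-key-root-cn|feature-key-root-fingerprint)" + MOD)
ENVIRONMENT = "(roaming|bearer-type)"

# element -> attribute -> (pattern, required by the attached schema?)
RULES = {
    "policy-set": {"combine": ("(deny-overrides|permit-overrides|first-matching-target)", False)},
    "policy": {"combine": ("(deny-overrides|permit-overrides|first-matching-target|first-applicable)", False)},
    "rule": {"effect": ("(permit|prompt-blanket|prompt-session|prompt-oneshot|deny)", False)},
    "condition": {"combine": ("(and|or)", True)},
    "subject-match": {"attr": (SUBJECT, True), "func": ("(glob|regexp|equal)", False)},
    "subject-attr": {"attr": (SUBJECT, True)},
    "resource-match": {"attr": (RESOURCE, True)},
    "resource-attr": {"attr": (RESOURCE, True)},
    "environment-match": {"attr": (ENVIRONMENT, True)},
    "environment-attr": {"attr": (ENVIRONMENT, True)},
}

def check_policy(xml_text):
    """Return attribute-value problems in document order; an empty list means none found."""
    problems = []
    for el in ET.fromstring(xml_text).iter():
        for name, (pattern, required) in RULES.get(el.tag, {}).items():
            value = el.get(name)
            if value is None and required:
                problems.append(f"{el.tag}: missing {name}")
            elif value is not None and not re.fullmatch(pattern, value):
                problems.append(f"{el.tag}/@{name}: unexpected value {value!r}")
    return problems

# Constructed sample policy, not taken from the BONDI tests.
SAMPLE = """<policy-set combine="first-applicable">
  <policy combine="first-applicable">
    <target><subject><subject-match attr="uri.host" match="example.org"/></subject></target>
    <rule effect="permit"><condition combine="and">
      <resource-match attr="param:url.scheme" match="https"/>
      <environment-match attr="roaming.host" match="true"/>
    </condition></rule></policy></policy-set>"""
```

On the sample, `check_policy(SAMPLE)` reports `first-applicable` on `policy-set` and the modifier suffix on `roaming.host`, while `uri.host` and `param:url.scheme` pass.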