Schema for “XACML Profile” (was: CfC: Policy Profile: XACML FPWD)

Le mardi 15 juin 2010 à 14:42 +0200, Dominique Hazael-Massieux a écrit :
> * 3.1 "schema" would be usefully completed with an actual schema (XML
> Schema or RelaxNG)

I've taken a first stab at writing up a schema for the schema describe
in the document, mostly to help me understand what the spec describes.

Given that the document is not very clear about the structure of the
policy documents, I based it on the BONDI tests [1] using
InstanceToSchema [2].

I completed it partially with my understanding of what the spec
describes — the resulting RelaxNG (compact format) is attached.

It doesn't include documents using policy or signed-policy as a root
element (none of these were in the BONDI tests); I've manually added the
subject-attr, environment-attr, resource-attr elements, although again
they didn't appear anywhere in the BONDI tests — I'm still not sure how
they are supposed to be used in practice, actually.

It's clear the schema misses a lot of the things the prose describe; in
some ways, I'm not sure it's a bug in the schema: I think the spec
should be as minimal as possible, and things that are made possible in
the spec but haven't made it to the BONDI test suite should be examined
closely. That said, if this is helpful, I'm happy to try and complete
the schema as needed.

It's probably too early to worry about specific XML format problems
(given the scope of the other issues with that document), and this is in
no way an exhaustive review, but since I've found some problems, I
thought I might as well document them:
* first-applicable is described as a combining rule in the prose
(2.14.3), but doesn't appear as a possible value of the combine
attribute in 3.1.3
* it's not clear why there should be a separate signed-policy element -
why isn't the existence of a signature child sufficient to determine a
signed policy? also
* the Reference element referred from the signature element is not
described anywhere; maybe does it refer to the XACML spec?
* the modifier functions syntax is rather awkward
(adding .nameofthefunction to the attribute value); since they only
apply to URIs, 3.1.8 should specify that the optional suffix should only
be used on attributes that take URIs as values
* the way the content (when the match attribute is missing) of the
resource-match and environment-match elements should be evaluated needs
to specified in more details (white-space handling, concatenation rules,
etc)
* I really don't understand what the widget-attr:name attribute is
supposed to be, and haven't found it used in the BONDI tests
* the processing rules of what happens with unknown values, missing
attributes/elements would be need to drastically improved/completed

Dom

1. http://tests.bondi.omtp.org/tests/policy/policy/
2. http://www.xmloperator.net/i2s/