I think trying to modify the SPIF format each time a customer has an unusual idea is the wrong approach. In this case, the customer requirement could be handled by better design of a security policy within the normal usage of categories. Jim > Just a kick to see whether anyone has a preference.... I'd like to see > a 'groupName' attribute, as in the example below, therefore on the UI > we'd have a field named 'PROJECT' with 'PROJECT1', ' PROJECT2', ' > PROJECT3' as selectable options. > > > > Alan. > > <spif:securityCategoryTagSets> > > <spif:securityCategoryTagSet name="PROJECT1" > groupName="PROJECT" id="1.1.1.1.0" > > > <spif:securityCategoryTag name="" > tagType="tagType7" tag7Encoding="securityAttributes" minSelection="0" > maxSelection="1"> > > <spif:tagCategory name="Project1" > lacv="1" obsolete="false" xml:id="id_project1"></spif:tagCategory> > > </spif:securityCategoryTag> > > </spif:securityCategoryTagSet> > > <spif:securityCategoryTagSet name="PROJECT2" > groupName="PROJECT" id="1.1.1.1.1" > > > <spif:securityCategoryTag name="" > tagType="tagType7" tag7Encoding="securityAttributes" minSelection="0" > maxSelection="1"> > > <spif:tagCategory name="Project2" > lacv="1" obsolete="false" xml:id="id_project2"></spif:tagCategory> > > </spif:securityCategoryTag> > > </spif:securityCategoryTagSet> > > <spif:securityCategoryTagSet name="PROJECT3" > groupName="PROJECT" id="1.1.1.1.2" > > > <spif:securityCategoryTag name="" > tagType="tagType7" tag7Encoding="securityAttributes" minSelection="0" > maxSelection="1"> > > <spif:tagCategory name="Project3" > lacv="1" obsolete="false" xml:id="id_project3"></spif:tagCategory> > > </spif:securityCategoryTag> > > </spif:securityCategoryTagSet> > > </spif:securityCategoryTagSets> > > > > > > > > From: xmlspif-bounce@xxxxxxxxxxxxx [mailto:xmlspif-bounce@xxxxxxxxxxxxx] > On Behalf Of Alan Borland > Sent: 19 February 2010 2:11 PM > To: xmlspif@xxxxxxxxxxxxx > Subject: [xmlspif] Re: Grouping 'like' categories using the name > attribute in securityCategoryTagSet > > > > I think my preference is for a new attribute, hopefully, part of the > standard and not a BJ special. Up to now we have managed to use the > SPIF without creating any additional 'BJ' special extensions. It would > be shame to get this far and end up having to put in a private extension > (I feel other developers attempting to create a UI for the SPIF will run > into the same issue). > > > > Alan. > > > > From: xmlspif-bounce@xxxxxxxxxxxxx [mailto:xmlspif-bounce@xxxxxxxxxxxxx] > On Behalf Of Graeme Lunt > Sent: 16 February 2010 09:14 > To: xmlspif@xxxxxxxxxxxxx > Subject: [xmlspif] Re: Grouping 'like' categories using the name > attribute in securityCategoryTagSet > > > > Alan, > > I wouldn't want to remove the unique name from the schema check as the > name is used in keyrefs to refer to required and excluded categories, > and check the consistency of the SPIF. > > However, there is no such contraint on the name in a > securityCategoryTag, so you could perhaps use that (in your example, > they are all empty strings). > > You could use some formatting within the name on the > securityCategoryTagSet e.g. "PROJECTS:Project1" - but it would probably > be better just to define your own attribute "bj:tagSetGroup=PROJECTS". > > I am not sure whether this should be a standard attribute. What do other > people think? > > Graeme > > On 10 February 2010 11:40, Alan Borland <Alan.Borland@xxxxxxxxxxxxxxx> > wrote: > > I have an environment where the customer has defined a number of > projects named "Project1", "Project2", "Project3" etc. Each project has > a category OID assigned to it and on the user interface we'd like to > group all of the projects together in a single list-box. We'd end up > with a SPIF that may include the following: > > > > <spif:securityCategoryTagSets> > > <spif:securityCategoryTagSet name="PROJECTS" id="1.1.1.1.0" > > > > <spif:securityCategoryTag name="" > tagType="tagType7" tag7Encoding="securityAttributes" minSelection="0" > maxSelection="1"> > > <spif:tagCategory name="Project1" > lacv="1" obsolete="false" xml:id="id_project1"></spif:tagCategory> > > </spif:securityCategoryTag> > > </spif:securityCategoryTagSet> > > <spif:securityCategoryTagSet name="PROJECTS" id="1.1.1.1.1" > > > > <spif:securityCategoryTag name="" > tagType="tagType7" tag7Encoding="securityAttributes" minSelection="0" > maxSelection="1"> > > <spif:tagCategory name="Project2" > lacv="1" obsolete="false" xml:id="id_project2"></spif:tagCategory> > > </spif:securityCategoryTag> > > </spif:securityCategoryTagSet> > > <spif:securityCategoryTagSet name="PROJECTS" id="1.1.1.1.2" > > > > <spif:securityCategoryTag name="" > tagType="tagType7" tag7Encoding="securityAttributes" minSelection="0" > maxSelection="1"> > > <spif:tagCategory name="Project3" > lacv="1" obsolete="false" xml:id="id_project3"></spif:tagCategory> > > </spif:securityCategoryTag> > > </spif:securityCategoryTagSet> > > </spif:securityCategoryTagSets> > > > > However, this will fail the schema check because we don't have unique > names for the 'name' attribute on the 'securityCategoryTagSet' > ("PROJECTS"). This is what I was going to use to group 'like' > categories together on the user interface. I need an attribute that can > be used to 'group' similar categories together, the name seemed an easy > choice for me and wondered whether the unique constraints could be > removed from the schema, or a new 'group' attribute created? > > > > Any thoughts? > > > > Alan. > > > > > > Alan Borland > Technical Architect > > Boldon James Limited, a QinetiQ company > > Mobile: +44 (0)7810 556709 > Direct: +44 (0)1270 507841 > Switch: +44 (0)1270 507800 > Email: alan.borland@xxxxxxxxxxxxxxx > Web: www.boldonjames.com > > > > > > Classification added by SAFEmail - Labelling, Protective Marking and > Release Control for Secure Messaging from Boldon James - > www.boldonjames.com/safemail-ics > > << File: unknown.htm >>