[xmlspif] Re: Grouping 'like' categories using the name attribute in securityCategoryTagSet
- From: Jim Craigie <Jim.Craigie@xxxxxxxxxxxxxxx>
- To: xmlspif@xxxxxxxxxxxxx
- Date: Wed, 31 Mar 2010 03:47:18 +0100
I think trying to modify the SPIF format each time a customer has an unusual
idea is the wrong approach. In this case, the customer requirement could be
handled by better design of a security policy within the normal usage of
categories.
Jim
> Just a kick to see whether anyone has a preference.... I'd like to see
> a 'groupName' attribute, as in the example below, therefore on the UI
> we'd have a field named 'PROJECT' with 'PROJECT1', ' PROJECT2', '
> PROJECT3' as selectable options.
>
>
>
> Alan.
>
> <spif:securityCategoryTagSets>
>
> <spif:securityCategoryTagSet name="PROJECT1"
> groupName="PROJECT" id="1.1.1.1.0" >
>
> <spif:securityCategoryTag name=""
> tagType="tagType7" tag7Encoding="securityAttributes" minSelection="0"
> maxSelection="1">
>
> <spif:tagCategory name="Project1"
> lacv="1" obsolete="false" xml:id="id_project1"></spif:tagCategory>
>
> </spif:securityCategoryTag>
>
> </spif:securityCategoryTagSet>
>
> <spif:securityCategoryTagSet name="PROJECT2"
> groupName="PROJECT" id="1.1.1.1.1" >
>
> <spif:securityCategoryTag name=""
> tagType="tagType7" tag7Encoding="securityAttributes" minSelection="0"
> maxSelection="1">
>
> <spif:tagCategory name="Project2"
> lacv="1" obsolete="false" xml:id="id_project2"></spif:tagCategory>
>
> </spif:securityCategoryTag>
>
> </spif:securityCategoryTagSet>
>
> <spif:securityCategoryTagSet name="PROJECT3"
> groupName="PROJECT" id="1.1.1.1.2" >
>
> <spif:securityCategoryTag name=""
> tagType="tagType7" tag7Encoding="securityAttributes" minSelection="0"
> maxSelection="1">
>
> <spif:tagCategory name="Project3"
> lacv="1" obsolete="false" xml:id="id_project3"></spif:tagCategory>
>
> </spif:securityCategoryTag>
>
> </spif:securityCategoryTagSet>
>
> </spif:securityCategoryTagSets>
>
>
>
>
>
>
>
> From: xmlspif-bounce@xxxxxxxxxxxxx [mailto:xmlspif-bounce@xxxxxxxxxxxxx]
> On Behalf Of Alan Borland
> Sent: 19 February 2010 2:11 PM
> To: xmlspif@xxxxxxxxxxxxx
> Subject: [xmlspif] Re: Grouping 'like' categories using the name
> attribute in securityCategoryTagSet
>
>
>
> I think my preference is for a new attribute, hopefully, part of the
> standard and not a BJ special. Up to now we have managed to use the
> SPIF without creating any additional 'BJ' special extensions. It would
> be shame to get this far and end up having to put in a private extension
> (I feel other developers attempting to create a UI for the SPIF will run
> into the same issue).
>
>
>
> Alan.
>
>
>
> From: xmlspif-bounce@xxxxxxxxxxxxx [mailto:xmlspif-bounce@xxxxxxxxxxxxx]
> On Behalf Of Graeme Lunt
> Sent: 16 February 2010 09:14
> To: xmlspif@xxxxxxxxxxxxx
> Subject: [xmlspif] Re: Grouping 'like' categories using the name
> attribute in securityCategoryTagSet
>
>
>
> Alan,
>
> I wouldn't want to remove the unique name from the schema check as the
> name is used in keyrefs to refer to required and excluded categories,
> and check the consistency of the SPIF.
>
> However, there is no such contraint on the name in a
> securityCategoryTag, so you could perhaps use that (in your example,
> they are all empty strings).
>
> You could use some formatting within the name on the
> securityCategoryTagSet e.g. "PROJECTS:Project1" - but it would probably
> be better just to define your own attribute "bj:tagSetGroup=PROJECTS".
>
> I am not sure whether this should be a standard attribute. What do other
> people think?
>
> Graeme
>
> On 10 February 2010 11:40, Alan Borland <Alan.Borland@xxxxxxxxxxxxxxx>
> wrote:
>
> I have an environment where the customer has defined a number of
> projects named "Project1", "Project2", "Project3" etc. Each project has
> a category OID assigned to it and on the user interface we'd like to
> group all of the projects together in a single list-box. We'd end up
> with a SPIF that may include the following:
>
>
>
> <spif:securityCategoryTagSets>
>
> <spif:securityCategoryTagSet name="PROJECTS" id="1.1.1.1.0"
> >
>
> <spif:securityCategoryTag name=""
> tagType="tagType7" tag7Encoding="securityAttributes" minSelection="0"
> maxSelection="1">
>
> <spif:tagCategory name="Project1"
> lacv="1" obsolete="false" xml:id="id_project1"></spif:tagCategory>
>
> </spif:securityCategoryTag>
>
> </spif:securityCategoryTagSet>
>
> <spif:securityCategoryTagSet name="PROJECTS" id="1.1.1.1.1"
> >
>
> <spif:securityCategoryTag name=""
> tagType="tagType7" tag7Encoding="securityAttributes" minSelection="0"
> maxSelection="1">
>
> <spif:tagCategory name="Project2"
> lacv="1" obsolete="false" xml:id="id_project2"></spif:tagCategory>
>
> </spif:securityCategoryTag>
>
> </spif:securityCategoryTagSet>
>
> <spif:securityCategoryTagSet name="PROJECTS" id="1.1.1.1.2"
> >
>
> <spif:securityCategoryTag name=""
> tagType="tagType7" tag7Encoding="securityAttributes" minSelection="0"
> maxSelection="1">
>
> <spif:tagCategory name="Project3"
> lacv="1" obsolete="false" xml:id="id_project3"></spif:tagCategory>
>
> </spif:securityCategoryTag>
>
> </spif:securityCategoryTagSet>
>
> </spif:securityCategoryTagSets>
>
>
>
> However, this will fail the schema check because we don't have unique
> names for the 'name' attribute on the 'securityCategoryTagSet'
> ("PROJECTS"). This is what I was going to use to group 'like'
> categories together on the user interface. I need an attribute that can
> be used to 'group' similar categories together, the name seemed an easy
> choice for me and wondered whether the unique constraints could be
> removed from the schema, or a new 'group' attribute created?
>
>
>
> Any thoughts?
>
>
>
> Alan.
>
>
>
>
>
> Alan Borland
> Technical Architect
>
> Boldon James Limited, a QinetiQ company
>
> Mobile: +44 (0)7810 556709
> Direct: +44 (0)1270 507841
> Switch: +44 (0)1270 507800
> Email: alan.borland@xxxxxxxxxxxxxxx
> Web: www.boldonjames.com
>
>
>
>
>
> Classification added by SAFEmail - Labelling, Protective Marking and
> Release Control for Secure Messaging from Boldon James -
> www.boldonjames.com/safemail-ics
>
> << File: unknown.htm >>
Other related posts:
