Skip to content

Enhancement proposal ‐ UML‐based agnostic Core model

Jump to bottom
Cyril Dangerville edited this page Feb 9, 2025 · 3 revisions

Here is a UML class diagram proposed as agnostic model for the Policy syntax, based on the latest discussed issues and XACML 4.0 draft schema (Request/Response data models still need to be added to get a complete XACML model):

UML class diagram

This class diagram relies on the new UML profile below for the definitions of the custom stereotypes (RestrictedString, Meta, etc.): UML profile

To explore the UML diagrams in more details, you may import the projects in the ZIP file into Eclipse Papyrus (tested with v6.7.0 - 2024-06).

Here are the mapping rules for mapping this UML model to the XML/JSON schemas (version Draft 2020-12 of JSON schema is used as reference):

UML PrimitiveTypes

UML RestrictedString

A UML class Foo stereotyped as <<RestrictedString>> represents a subtype of String restricted by a regular expression R, and this regex is specified as the pattern property value. The regex delimiters ^$ are implicit in this case, i.e. this pattern is matched against the whole string. (like in XSD simpleType restriction's pattern element).

XML schema mapping

If the class name is URI (resp. NCName), it is mapped to the standard xs:anyURI (resp. xs:NCName) type.

Else it is mapped to: xml <xs:simpleType name="FooType"> <xs:restriction base="xs:string"> <xs:pattern value="R"/> </xs:restriction> </xs:simpleType>

This covers the following XML types used in XACML schema:

  • xs:anyURI,
  • xs:NCName,
  • xacml:Version,
  • xacml:VersionMatch.

JSON schema mapping

If the class name is URI, it is mapped to: json { "type": "string", "format": "uri" } Else it is mapped to a new subschema (regex delimiters ^$ must be explicit in the pattern expression): json "$defs": { ... "Foo": { "type": "string", "pattern": "^R$" } ... }

UML Enumeration

A UML class Foo stereotyped as <<Enumeration>> represents a subtype of String that is an enumeration of string literals X, Y, etc.

XML schema mapping

 ```xml
 <xs:simpleType name="FooType">
	<xs:restriction base="xs:string">
		<xs:enumeration value="X"/>
		<xs:enumeration value="Y"/>
        ...
	</xs:restriction>
 </xs:simpleType>
 ```

This covers the following XML type(s) used in XACML schema:

  • xacml:Effect.

If there is at least one Datatype with a non-meta property (cf. next section UML stereotype Meta) of type Foo, then the definition above must be preceded by a definition of an element Foo with type FooType (non-meta properties will be references to this element) as follows:

     <xs:element name="Foo" type="xacml:FooType"/>
     <xs:simpleType name="FooType">
		<xs:restriction base="xs:string">
			<xs:enumeration value="X"/>
			<xs:enumeration value="Y"/>
            ...
		</xs:restriction>
	 </xs:simpleType>

This covers the following XML types / elements used in XACML schema:

  • xacml:Decision / xacml:DecisionType.

JSON schema mapping

 ```json
 "$defs": {
    ...
    "Foo": { "enum": ["X", "Y", ...] }
    ...
 }
 ```

UML Datatypes

  1. UML DatatypeDatatype mapping rule: ... Abstract Datatype: For XML mapping, create an abstract element with same name (e.g. Expression) but type with 'Type' suffix and first letter uppercase

    <xs:element name="Expression" type="xacml:ExpressionType" abstract="true"/>
<xs:complexType name="ExpressionType" abstract="true"/>

    For JSON schema mapping (JSON schema does not support inheritance so we have to use workarounds), if a Datatype is abstract (title in italics), either it has no property (like Expression, Defaults) and can be defined in $defs as a oneOf combining all subtypes (including indirect subtypes)

        "Expression": { 
        "oneOf": [    
            { "$ref": "#/$defs/AttributeValue" },
            { "$ref": "#/$defs/AttributeDesignator" },
            { "$ref": "#/$defs/Function" },
            { "$ref": "#/$defs/Apply" }
            ...  
        ] 
    }

    See the rule 'Datatype extends another Datatype' for defining the subtypes.

    Else the abstract Datatype 'Foo' has properties (e.g. IdReference) and it is used as property type (not the case in XACML model but we never in the future) we have to define a new FooBase type

        "FooBase": { 
        "type": "object",
        "properties": {
            ...the properties...
        },
        "requiredProperties": ...
        "additionalProperties": false
    }

    "Foo": { 
        "oneOf": [    
            { "$ref": "#/$defs/SubclassA" },
            { "$ref": "#/$defs/SubclassB" },
            ...  
        ] 
    }

            
    "SubclassA": { 
        "allOf": [    
            { "$ref": "#/$defs/FooBase" },
            { 
                "type": "object",
                "properties": {
                    ...the properties...
                }
                "requiredProperties": ...
                "additionalProperties": false
            } 
        ] 
    }
    ...

    See the rule 'Datatype extends another Datatype' for defining the subtypes.

    Mapping properties (meta / non-meta):

    • Property type:
      • Primitive:
        • standard types String, Boolean, etc. mapped to corresponding standard types in XML/JSON
        • RestrictedString type (URI, Version, etc.), see first rule, give example in JSON)
        • Datatype: if the datatype is abstract without any property, and only this property is using it, can be mapped to XML xs:choice between all subtypes
    • multiplicity 0..1 (JSON: not in requiredProperties) or 1 (in requiredProperties) or * (type array, not in required properties) or 1..* (type array, in required properties, and array size >= 1)
    • additionalProperties = false by default

UML stereotype Meta

  1. Datatype - in JSON additionalProperties=false unless - AnyProperty (oneAndOnly=boolean, if true minOccurs=maxOccurs=1, else minOccurs=0, maxOccurs=unbounded) or AnyMetaProperty (JSON). In JSON, if AnyProperty (oneAndOnly=false) then additionalProperties=true and that's it. if AnyProperty (oneAndOnly=true), then if not AnyMetaProperty, we set minProperties=maxProperties=1, else if AnyMetaProperty, we set only additionalProperties=true since JSON does not make a difference.

  2. Datatype - MixedContent

  3. If a Datatype extends another Datatype,

    In XML, create the complexType with Type suffix as extension of the SuperclassType, and create the element with same name, add the element to the substitutionGroup regardless (for Expression, but also for IdReference, no big deal):

    <xs:element name="VariableReference" type="xacml:VariableReferenceType" substitutionGroup="xacml:Expression"/>
<xs:complexType name="VariableReferenceType">
	<xs:complexContent>
		<xs:extension base="xacml:ExpressionType">
			<xs:attribute name="VariableId" type="xs:string" use="required"/>
		</xs:extension>
	</xs:complexContent>
</xs:complexType>

    Note that substitutionGroup attribute can be multi-valued (multiple groups)

    In JSON, as mentioned for abstract datatype, if the superclass Foo is abstract and has properties, reference the FooBase type instead of Foo (e.g. ExactMatchIdReference -> IdReference)

            
    "SubclassA": { 
        "allOf": [    
            { "$ref": "#/$defs/FooBase" },
            { 
                "type": "object",
                "properties": {
                    ...the properties...
                }
                "requiredProperties": ...
                "additionalProperties": false
            } 
        ] 
    }

TO BE COMPLETED - WORK IN PROGRESS...

Clone this wiki locally