Remove Attribute's IncludeInResult from Result and PolicyIssuer

[cdanger]

The attribute IncludeInResult is always required on the Attribute element, even when returned in a Result or used in PolicyIssuer although it does not make sense there.
Is there a way to remove it in these cases? (But keep it in the Request.)
What are the options?

[steven-legg]

The attribute IncludeInResult is always required on the Attribute element, even when returned in a Result where it does not make sense. Is there a way to remove it from the Result's Attributes? (But keep it in the Request.) What are the options?

Yes, IncludeInResult in a result is daft. It doesn't make sense in PolicyIssuer either. The JSON profile made it default false, which means it can be left out in a result. We could do the same in XSD.

Another option is to define a base AttributeType without IncludeInResult and define a RequestAttributeType with IncludeInResult derived from AttributeType. I'd still make IncludeInResult default false since I much less frequently need to set it to true. We would need to split Attributes as well (renamed to Category in the JSON profile).

[cdanger]

I prefer the second option, but in that case, we'd need a new element like RequestAttribute (of RequestAttributeType) as well.

So as I understand it, the changes to the XML schema if we go down that road:

• New AttributeType definition (without IncludeInResult):

<xs:element name="Attribute" type="xacml:AttributeType"/>
<xs:complexType name="AttributeType">
   <xs:sequence>
          <xs:element ref="xacml:AttributeValue" maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
   <xs:attribute name="Issuer" type="xs:string" use="optional"/>
   <!-- IncludeInResult REMOVED -->
   <!--<xs:attribute name="IncludeInResult" type="xs:boolean" use="required"/>-->
</xs:complexType>

• New element/type RequestAttribute / RequestAttributeType (derived from the new AttributeType above, with optional IncludeInResult):

<!-- Other name suggestions besides RequestAttribute? -->
<xs:element name="RequestAttribute" type="xacml:RequestAttributeType"/>
<xs:complexType name="RequestAttributeType">
   <xs:complexContent>
          <xs:extension base="xacml:AttributeType">
                <!-- IncludeInResult use changed from required to optional with default false -->
                <xs:attribute name="IncludeInResult" type="xs:boolean" use="optional" default="false"/>
          </xs:extension>
   </xs:complexContent>
</xs:complexType>

• New element Category similar to Attributes but using the new RequestAttribute element above (changed according to @steven-legg 's comment ):

- <xs:element name="AttributeCategory" type="xacml:AttributeCategoryType"/>
+ <xs:element name="Category" type="xacml:AttributeCategoryType"/> 
<xs:complexType name="AttributeCategoryType">
   <xs:sequence>
          <xs:element ref="xacml:Content" minOccurs="0"/>
          <xs:element ref="xacml:RequestAttribute" minOccurs="0"
              maxOccurs="unbounded"/>
   </xs:sequence>
-  <xs:attribute name="Category" type="xs:anyURI" use="required"/>
+  <xs:attribute name="CategoryId" type="xs:anyURI" use="required"/>
   <xs:attribute ref="xml:id" use="optional"/>
</xs:complexType>

• RequestType changed to use the new AttributeCategory element above (changed according to @steven-legg 's comment ):

<xs:complexType name="RequestType">
   <xs:sequence>
          <xs:element ref="xacml:RequestDefaults" minOccurs="0"/>
-         <xs:element ref="xacml:AttributeCategory" maxOccurs="unbounded"/>
+         <xs:element ref="xacml:Category" maxOccurs="unbounded"/>
          <xs:element ref="xacml:MultiRequests" minOccurs="0"/>
   </xs:sequence>
   <xs:attribute name="ReturnPolicyIdList" type="xs:boolean" use="required"/>
   <xs:attribute name="CombinedDecision" type="xs:boolean" use="required" />
</xs:complexType>

[steven-legg]

Category attribute may be redundant with the name AttributeCategory.

Yeah, it's a bit odd. How about <Category> for the element and CategoryId for the attribute? It aligns with <Attribute> and AttributeId. In that case we should also change the Category attribute to CategoryIdin <AttributeDesignator>, <AttributeSelector> and other places to be consistent.

[cdanger]

OK I changed the schema in my previous comment accordingly. The Category attribute is also used in <AttributeAssignment>, <AttributeAssignmentExpression>, and <MissingAttributeDetail>.

So for the other changes to the schema, here it goes (unchanged content has been omitted):

<xs:complexType name="AttributeDesignatorType">
...
-      <xs:attribute name="Category" type="xs:anyURI" use="required"/>
+      <xs:attribute name="CategoryId" type="xs:anyURI" use="required"/>
...
</xs:complexType>

...

<xs:complexType name="AttributeSelectorType">
...
-                <xs:attribute name="Category" type="xs:anyURI" use="required"/>
+                <xs:attribute name="CategoryId" type="xs:anyURI" use="required"/>
...
</xs:complexType>

...

<xs:complexType name="AttributeAssignmentType" mixed="true">
...
-                <xs:attribute name="Category" type="xs:anyURI" use="optional"/>
+                <xs:attribute name="CategoryId" type="xs:anyURI" use="optional"/>
...
</xs:complexType>

...

<xs:complexType name="AttributeAssignmentExpressionType">
...
-  <xs:attribute name="Category" type="xs:anyURI" use="optional"/>
+  <xs:attribute name="CategoryId" type="xs:anyURI" use="optional"/>
...
</xs:complexType>

...

<xs:complexType name="MissingAttributeDetailType">
...
- <xs:attribute name="Category" type="xs:anyURI" use="required"/>
+ <xs:attribute name="CategoryId" type="xs:anyURI" use="required"/>
...
</xs:complexType>

[steven-legg]

AttributeCategoryType could be shortened to CategoryType.