Internet DRAFT - draft-oconnell-dbrief
draft-oconnell-dbrief
Applications Area Working Group M. O'Connell
Internet-Draft DNS International
Expires: January 2, 2016 July 1, 2015
Dynamic Business-Rule Implementation and Execution Framework
draft-oconnell-dbrief-01
Abstract
This memo details the structure for implementing a process of
routines or functions that govern any generic task in order to
achieve compliance to predefined a technical framework.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 2, 2016.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
O'Connell Expires January 2, 2016 [Page 1]
�
Internet-Draft D-BRIEF July 2015
1. Introduction
A challenge facing most complex systems is an inherant inflexibility
in the implementation of dynamic legal and technical policies. When
an industry is in constant flux it can increase workload on
developers to maintain the software standards while still allowing
for future extensibility. A formalised policy document is a
requirement in almost every industry however conversion of the
formalised policy document into working machine code is a time
consuming and tedious process, which is furthermore fraught with
hidden complexity and errors. The Policy Engine defined in this
document aims at alleviating the implementation of formalised policy
in a structured and concise format.
1.1. Structure
1.1.1. Technical
The Policy Engine is a structured XML document which contains a
scriptable language as a series of activities and logical branches.
Compiled language or compiled policy engine implementation falls out
of the scope of this document. The intention of the Policy Engine is
to operate on XML based payloads but this could be adapted to work on
any message format.
1.1.2. Methodology
In order to deal with unknown requirements and future extensibility
the Unix philosophy was adopted. The following Unix philosophy rules
(From Wikipedia) should be assimilated when developing the policy
code:
o Rule of Modularity - Developers should build a program out of
simple parts connected by well defined interfaces, so problems are
local, and parts of the program can be replaced in future versions
to support new features.
o Rule of Clarity - Developers should write programs as if the most
important communication is to the developer, including him- or
herself, who will read and maintain the program rather than the
computer.
o Rule of Separation - Developers should separate the mechanisms of
the programs from the policies of the programs; one method is to
divide a program into a front-end interface and back-end engine
that interface communicates with.
O'Connell Expires January 2, 2016 [Page 2]
�
Internet-Draft D-BRIEF July 2015
o Rule of Simplicity - Developers should design for simplicity by
looking for ways to break up program systems into small,
straightforward cooperating pieces.
o Rule of Parsimony - Developers should avoid writing big programs.
o Rule of Economy - Developers should value developer time over
machine time, because machine cycles as of the year 2014 are
relatively inexpensive compared to prices in the 1970s.
The Policy Engine is assembled using parts of the Policy Code in an
ordered and controlled environment. Meta-Functions should be
implemented in order to traverse, invoke, or destroy current tasks.
1.1.3. Hierarchical Structure
O'Connell Expires January 2, 2016 [Page 3]
�
Internet-Draft D-BRIEF July 2015
The business rules are stored in a hierarchical structure as detailed
below
+------+
| ROOT |
+---+--+
| +-----------+---------------------+-------------------+
+----> VARIABLES | LIBRARY DEFINITIONS | XPATH CONSTRAINTS |
| +-----------+---------------------+-------------------+
| +---------+
+----> OBJECTS |
+----+----+
| +--------+
+------> EVENTS |
+----+---+
| +------------+
+-----> ACTIVITIES <-----------------+
+------+-----+ |
| +--------+ |
| | LINE 1 | |
+-------> LINE 2 | |
| | LINE n | |
| +--------+ |
| +------------+ |
+-------> ACTIVITIES +--+
| +------------+ |
| XXXXXX |
| XX XX |
+------>XXX BRANCH XXX+-+
| XX XX
| XXXXXX
| +---------+
+-------> FINALLY |
+---------+
Figure 1
o Variables - Declared global variables which must be instantiated
for each policy engine instance
o Library Definitions - A series of library imports with defined
prefixes
o XPath Constraints - A collection of XPath queries with the
required minimum count, maximum count, minimum length, maximum
length, regular expression match, and description fields.
O'Connell Expires January 2, 2016 [Page 4]
�
Internet-Draft D-BRIEF July 2015
o Objects - A abstract base set of object names for example
'Domain', or 'Contact'
o Events - The abstract base object event to be invoked for example
'Create', or 'Update'
o Activities - A series of activities to perform in order of
appearance
o Line 1, Line 2, Line n - Lines of code either by library
invocation or direct code
o Child Activities - Nested child activities to perform, for
semantic value only
o Branch - A branch in order to separate logical program flow
o Finally - A block of activities to perform even in the event of an
exception in the previous activities, used for cleaning up or
handling an error in a 'clean' mechanism
1.2. implementation
Conversion and implementation can begin as soon as a formalised
policy document has been released. The document should outline a
clear process to adhere to when performing a routine. Bullet point
based procedures are the easiest to implement on condition each
bullet point defines a single task to perform. Each bullet point
should be able to be converted into usable machine code known as
Policy Code. The Policy Engine can begin construction once the
textual elements have been converted to Policy Code.
Appendix A. Acknowledgements
(In no particular order)
o Ed Pascoe
o David Peall
o Vlad Dinculescu
o Theo Kramer
O'Connell Expires January 2, 2016 [Page 5]
�
Internet-Draft D-BRIEF July 2015
Appendix B. EPP Registry Example
A sample policy XML file built by a specialised user interface
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<pc:policyConfig xmlns:pc="urn:ietf:params:xml:ns:dns:policyconf">
<pc:policyParameters pc:policyIdentifier="test">
<pc:constants>
<pc:values pc:name="Root">mygtld</pc:values>
<pc:values pc:name="banned_domain_list">[]</pc:values>
<pc:values pc:name="banned_contact_list">[]</pc:values>
<pc:values pc:name="banned_host_list">[]</pc:values>
<pc:values pc:name="GracePeriod">5 days</pc:values>
<pc:values pc:name="PendingReleasePeriod">5 days</pc:values>
<pc:values pc:name="PendingTerminationPeriod">5 days</pc:values>
<pc:values pc:name="PendingUpdatePeriod">5 days</pc:values>
<pc:values pc:name="PendingTransferUpdatePeriod">5 days</pc:values>
</pc:constants>
<pc:libraries>
<pc:library pc:name="PolicyExec" pc:path="lib/elib/PolicyExec.py" pc:prefix="PolicyExec" pc:type="Python"/>
</pc:libraries>
<pc:constraints>
<pc:policylimit pc:xpath="//domain:name" pc:minlen="1" pc:maxlen="255"
pc:regex="^[A-Za-z0-9\-]+\.[A-Za-z0-9\-]+$" pc:code="2306"
pc:desc="Incorrectly formatted domain name"/>
<pc:policylimit pc:xpath="//contact:street" pc:minlen="8" pc:maxlen="255"/>
<pc:policylimit pc:xpath="//contact:city" pc:minlen="2" pc:maxlen="255" pc:regex=""/>
<pc:policylimit pc:xpath="//contact:state" pc:minlen="2" pc:maxlen="255" pc:regex=""/>
<pc:policylimit pc:xpath="//contact:email" pc:minlen="1" pc:maxlen="255" pc:regex="[A-Z0-9._%-]+@[A-Z0-9.-]+$"/>
<pc:policylimit pc:xpath="//domain:hostObj" pc:mincount="0" pc:maxcount="5" pc:regex=""/>
<pc:policylimit pc:xpath="//domain:hostAttr" pc:mincount="0" pc:maxcount="5" pc:regex=""/>
</pc:constraints>
</pc:policyParameters>
<pc:objects pc:name="Domain">
<pc:events pc:name="Create">
<pc:activities pc:name="Permission">
<pc:rules>PolicyExec.checkPermission(request, clID, objectname, eventname)</pc:rules>
</pc:activities>
<pc:activities pc:name="Validation">
<pc:children pc:name="Availability">
<pc:rules>PolicyExec.domain_isAvailable(request)</pc:rules>
</pc:children>
<pc:children pc:name="MandatoryValues">
<pc:rules>PolicyExec.domain_mandatoryValues(request)</pc:rules>
</pc:children>
<pc:children pc:name="FormatCheck">
<pc:rules>PolicyExec.validation(request)</pc:rules>
</pc:children>
O'Connell Expires January 2, 2016 [Page 6]
�
Internet-Draft D-BRIEF July 2015
<pc:children pc:name="BannedListCheck">
<pc:rules>PolicyExec.checkBannedList(request.find(fns("{domain}name")).text,
banned_domain_list)</pc:rules> </pc:children>
<pc:children pc:name="InBailiwickCheck">
<pc:rules>PolicyExec.host_inbailiwickCheck(request)</pc:rules>
</pc:children>
</pc:activities>
<pc:activities pc:name="Accounting">
<pc:children pc:name="AccountValid"/>
</pc:activities>
<pc:activities pc:name="Nameservers">
<pc:rules>PolicyExec.domain_nameserverCheck(request)</pc:rules>
</pc:activities>
<pc:activities pc:name="Billing"/>
<pc:activities pc:name="ContactState:Linked">
<pc:rules>PolicyExec.contact_adjustState(clID, "Linked")</pc:rules>
</pc:activities>
<pc:activities pc:name="Timer:Domain,GracePeriod">
<pc:rules>PolicyExec.startTimer(request, "Domain",
"GracePeriod", \GracePeriod)</pc:rules> </pc:activities>
</pc:events>
<pc:events pc:name="Delete">
<pc:activities pc:name="StatusCheck">
<pc:rules>PolicyExec.domain_statusCheck(request, ["Active",
"Ok"])</pc:rules> </pc:activities>
<pc:activities pc:name="Permission">
<pc:rules>PolicyExec.checkPermission(request, clID, objectname, eventname)</pc:rules>
</pc:activities>
<pc:activities pc:name="Existence">
<pc:rules>PolicyExec.domain_exists(request)</pc:rules>
</pc:activities>
<pc:activities pc:name="DependencyCheck">
<pc:rules>PolicyExec.domain_dependencyCheck(request)</pc:rules>
</pc:activities>
<pc:activities pc:name="GracePeriodCheck">
<pc:branch pc:decision="PolicyExec.domain_isInGracePeriod(request)">
<pc:answerTrue pc:name="InGracePeriod">
<pc:children pc:name="Accounting"/>
<pc:children pc:name="Timer:Domain,PendingRelease">
<pc:rules>PolicyExec.startTimer(request, "Domain",
"PendingRelease", PendingReleasePeriod)</pc:rules> </pc:children>
</pc:answerTrue>
<pc:answerFalse pc:name="OutOfGracePeriod">
<pc:children pc:name="Timer:Domain,PendingSuspension">
<pc:rules>PolicyExec.startTimer(request, "Domain",
"PendingTermination", PendingTerminationPeriod)</pc:rules> </pc:children>
</pc:answerFalse>
</pc:branch>
O'Connell Expires January 2, 2016 [Page 7]
�
Internet-Draft D-BRIEF July 2015
</pc:activities>
</pc:events>
<pc:events pc:name="Update">
<pc:activities pc:name="StatusCheck">
<pc:rules>PolicyExec.domain_statusCheck(request, ["Active",
"Ok"])</pc:rules> </pc:activities>
<pc:activities pc:name="Permission">
<pc:rules>PolicyExec.checkPermission(request, clID, objectname, eventname)</pc:rules>
</pc:activities>
<pc:activities pc:name="Existence">
<pc:rules>PolicyExec.domain_exists(request)</pc:rules>
</pc:activities>
<pc:activities pc:name="Validation">
<pc:children pc:name="MandatoryValues">
<pc:rules>PolicyExec.domain_mandatoryValues(request)</pc:rules>
</pc:children>
<pc:children pc:name="FormatCheck">
<pc:rules>PolicyExec.validation(request)</pc:rules>
</pc:children>
<pc:children pc:name="InBailiwickCheck">
<pc:rules>PolicyExec.host_inbailiwickCheck(request)</pc:rules>
</pc:children>
</pc:activities>
<pc:activities pc:name="Nameservers">
<pc:rules>PolicyExec.domain_nameserverCheck(request)</pc:rules>
</pc:activities>
<pc:activities pc:name="Timer:Domain,PendingUpdate">
<pc:rules>PolicyExec.startTimer(request, "Domain",
"PendingUpdate", PendingUpdatePeriod)</pc:rules> </pc:activities>
</pc:events>
<pc:events pc:name="Transfer">
<pc:activities pc:name="StatusCheck">
<pc:rules>PolicyExec.domain_statusCheck(request, ["Active",
"Ok"])</pc:rules> </pc:activities>
<pc:activities pc:name="Permission">
<pc:rules>PolicyExec.checkPermission(request, clID, objectname, eventname)</pc:rules>
</pc:activities>
<pc:activities pc:name="Existence">
<pc:rules>PolicyExec.domain_exists(request)</pc:rules>
</pc:activities>
<pc:activities pc:name="GracePeriodCheck">
<pc:rules>PolicyExec.domain_isInGracePeriod(request)</pc:rules>
</pc:activities>
<pc:activities pc:name="Validation">
<pc:children pc:name="MandatoryValues">
<pc:rules>PolicyExec.domain_mandatoryValues(request)</pc:rules>
</pc:children>
<pc:children pc:name="FormatCheck">
O'Connell Expires January 2, 2016 [Page 8]
�
Internet-Draft D-BRIEF July 2015
<pc:rules>PolicyExec.validation(request)</pc:rules>
</pc:children>
</pc:activities>
<pc:activities pc:name="Timer:Domain,PendingTransferUpdate">
<pc:rules>PolicyExec.startTimer(request, "Domain",
"PendingTransferUpdate", \PendingTransferUpdatePeriod)</pc:rules>
</pc:activities>
<pc:activities pc:name="BeginTransfer">
<pc:rules>PolicyExec.domain_startTransfer(request, clID)</pc:rules>
</pc:activities>
</pc:events>
<pc:events pc:name="GracePeriod">
<pc:activities pc:name="DomainState:Active">
<pc:rules>PolicyExec.domain_adjustState(request, "Active")</pc:rules>
</pc:activities>
</pc:events>
<pc:events pc:name="PendingUpdate">
<pc:activities pc:name="DomainState:Active">
<pc:rules>PolicyExec.domain_adjustState(request, "Active")</pc:rules>
</pc:activities>
</pc:events>
<pc:events pc:name="PendingTransferUpdate">
<pc:activities pc:name="DomainState:Active">
<pc:rules>PolicyExec.domain_adjustState(request, "Active")</pc:rules>
</pc:activities>
</pc:events>
<pc:events pc:name="Check">
<pc:activities pc:name="Failure"/>
</pc:events>
</pc:objects>
<pc:objects pc:name="Contact">
<pc:events pc:name="Create">
<pc:activities pc:name="Permission">
<pc:rules>PolicyExec.checkPermission(request, clID, objectname, eventname)</pc:rules>
</pc:activities>
<pc:activities pc:name="Validation">
<pc:children pc:name="Availability">
<pc:rules>PolicyExec.contact_isAvailable(request)</pc:rules>
</pc:children>
<pc:children pc:name="MandatoryValues">
<pc:rules>PolicyExec.contact_mandatoryValues(request)</pc:rules>
</pc:children>
<pc:children pc:name="FormatCheck">
<pc:rules>PolicyExec.validation(request)</pc:rules>
</pc:children>
<pc:children pc:name="BannedListCheck">
<pc:rules>PolicyExec.checkBannedList(request, banned_contact_list)</pc:rules>
</pc:children>
O'Connell Expires January 2, 2016 [Page 9]
�
Internet-Draft D-BRIEF July 2015
</pc:activities>
<pc:activities pc:name="ContactState:OK">
<pc:rules>PolicyExec.contact_adjustState(clID, "Ok")</pc:rules>
</pc:activities>
</pc:events>
<pc:events pc:name="Delete">
<pc:activities pc:name="StatusCheck">
<pc:rules>PolicyExec.contact_statusCheck(request, ["Ok"])</pc:rules>
</pc:activities>
<pc:activities pc:name="Permission">
<pc:rules>PolicyExec.checkPermission(request, clID, objectname, eventname)</pc:rules>
</pc:activities>
<pc:activities pc:name="Existence">
<pc:rules>PolicyExec.contact_exists(request)</pc:rules>
</pc:activities>
<pc:activities pc:name="DependencyCheck">
<pc:rules>PolicyExec.contact_dependencyCheck(request)</pc:rules>
</pc:activities>
<pc:activities pc:name="ContactState:Deleted">
<pc:rules>PolicyExec.contact_adjustState(clID, "Deleted")</pc:rules>
</pc:activities>
</pc:events>
<pc:events pc:name="Update">
<pc:activities pc:name="StatusCheck">
<pc:rules>PolicyExec.contact_statusCheck(request, ["Ok"])</pc:rules>
</pc:activities>
<pc:activities pc:name="Permission">
<pc:rules>PolicyExec.checkPermission(request, clID, objectname, eventname)</pc:rules>
</pc:activities>
<pc:activities pc:name="Existence">
<pc:rules>PolicyExec.contact_exists(request)</pc:rules>
</pc:activities>
<pc:activities pc:name="Validation">
<pc:children pc:name="MandatoryValues">
<pc:rules>PolicyExec.contact_mandatoryValues(request)</pc:rules>
</pc:children>
<pc:children pc:name="FormatCheck">
<pc:rules>PolicyExec.validation(request)</pc:rules>
</pc:children>
</pc:activities>
</pc:events>
</pc:objects>
<pc:objects pc:name="Host">
<pc:events pc:name="Create">
<pc:activities pc:name="Permission">
<pc:rules>PolicyExec.checkPermission(request, clID, objectname, eventname)</pc:rules>
</pc:activities>
<pc:activities pc:name="Validation">
O'Connell Expires January 2, 2016 [Page 10]
�
Internet-Draft D-BRIEF July 2015
<pc:children pc:name="Availability">
<pc:rules>PolicyExec.host_isAvailable(request)</pc:rules>
</pc:children>
<pc:children pc:name="MandatoryValues">
<pc:rules>PolicyExec.host_mandatoryValues(request)</pc:rules>
</pc:children>
<pc:children pc:name="FormatCheck">
<pc:rules>PolicyExec.validation(request)</pc:rules>
</pc:children>
<pc:children pc:name="BannedListCheck">
<pc:rules>PolicyExec.checkBannedList(request, banned_host_list)</pc:rules>
</pc:children>
<pc:children pc:name="InBailiwickCheck">
<pc:rules>PolicyExec.host_inbailiwickCheck(request)</pc:rules>
</pc:children>
</pc:activities>
<pc:activities pc:name="Nameservers">
<pc:rules>PolicyExec.domain_nameserverCheck(request)</pc:rules>
</pc:activities>
<pc:activities pc:name="ContactState:Linked">
<pc:rules>PolicyExec.contact_adjustState(clID, "Linked")</pc:rules>
</pc:activities>
</pc:events>
<pc:events pc:name="Delete">
<pc:activities pc:name="Permission">
<pc:rules>PolicyExec.checkPermission(request, clID, objectname, eventname)</pc:rules>
</pc:activities>
<pc:activities pc:name="Existence">
<pc:rules>PolicyExec.host_exists(request)</pc:rules>
</pc:activities>
<pc:activities pc:name="DependencyCheck">
<pc:rules>PolicyExec.host_dependencyCheck(request)</pc:rules>
</pc:activities>
</pc:events>
<pc:events pc:name="Update">
<pc:activities pc:name="Permission">
<pc:rules>PolicyExec.checkPermission(request, clID, objectname, eventname)</pc:rules>
</pc:activities>
<pc:activities pc:name="Existence">
<pc:rules>PolicyExec.host_exists(request)</pc:rules>
</pc:activities>
<pc:activities pc:name="Validation">
<pc:children pc:name="MandatoryValues">
<pc:rules>PolicyExec.host_mandatoryValues(request)</pc:rules>
</pc:children>
<pc:children pc:name="FormatCheck">
<pc:rules>PolicyExec.validation(request)</pc:rules>
</pc:children>
O'Connell Expires January 2, 2016 [Page 11]
�
Internet-Draft D-BRIEF July 2015
<pc:children pc:name="InBailiwickCheck">
<pc:rules>PolicyExec.host_inbailiwickCheck(request)</pc:rules>
</pc:children>
</pc:activities>
<pc:activities pc:name="Nameservers">
<pc:rules>PolicyExec.domain_nameserverCheck(request)</pc:rules>
</pc:activities>
</pc:events>
</pc:objects>
</pc:policyConfig>
The above is an example of an EPP Registry Implementation, note the
use of the Library Prefix as defined in the libraries section
Appendix C. XML Schema
<?xml version="1.0" encoding="UTF-8"?>
<!-- (c) Domain Name Services (Pty) Ltd. 2014. All rights reserved. -->
<schema xmlns="http://www.w3.org/2001/XMLSchema"
targetNamespace="urn:ietf:params:xml:ns:dns:policyconf"
xmlns:tns="urn:ietf:params:xml:ns:dns:policyconf"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xlink="http://www.w3.org/1999/xlink"
elementFormDefault="qualified" attributeFormDefault="qualified" version="1_0">
<element name="policyConfig">
<complexType>
<sequence>
<element name="copyright" type="string" minOccurs="0"/>
<element name="policyParameters" type="tns:policyParameters" minOccurs="0"/>
<element name="objects" type="tns:object" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType>
</element>
<complexType name="event">
<sequence>
<element name="activities" type="tns:activity" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="name" type="string" use="required"/>
</complexType>
<complexType name="object">
<sequence>
<element name="events" type="tns:event" minOccurs="0" maxOccurs="unbounded"/>
O'Connell Expires January 2, 2016 [Page 12]
�
Internet-Draft D-BRIEF July 2015
</sequence>
<attribute name="name" type="string" use="required"/>
</complexType>
<complexType name="activity">
<sequence>
<element name="rules" type="string" minOccurs="0" maxOccurs="unbounded"/>
<element name="branch" type="tns:booleanBranch" minOccurs="0"/>
<element name="children" type="tns:activity" minOccurs="0" maxOccurs="unbounded"/>
<element name="finally" type="tns:activity" minOccurs="0" maxOccurs="1"/>
</sequence>
<attribute name="name" type="string" use="required"/>
</complexType>
<complexType name="booleanBranch">
<sequence>
<element name="answerTrue" type="tns:activity" minOccurs="1" maxOccurs="1"/>
<element name="answerFalse" type="tns:activity" minOccurs="1" maxOccurs="1"/>
</sequence>
<attribute name="decision" type="string" use="required"/>
</complexType>
<complexType name="policyParameters">
<sequence>
<element name="constants" type="tns:constants" minOccurs="0"/>
<element name="libraries" type="tns:libraries" minOccurs="0"/>
<element name="constraints" type="tns:constraints" minOccurs="0"/>
</sequence>
<attribute name="policyIdentifier" type="string" use="optional"/>
</complexType>
<complexType name="libraries">
<sequence>
<element name="library" type="tns:library" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType>
<complexType name="library">
<attribute name="name" type="string" use="required"/>
<attribute name="path" type="string" use="required"/>
<attribute name="prefix" type="string"/>
<attribute name="type" type="tns:libraryType" default="Python"/>
</complexType>
<complexType name="constants">
<sequence>
<element name="values" minOccurs="0" maxOccurs="unbounded">
<complexType>
O'Connell Expires January 2, 2016 [Page 13]
�
Internet-Draft D-BRIEF July 2015
<simpleContent>
<extension base="string">
<attribute name="name" type="string" use="required"/>
<attribute name="comment" type="string"/>
</extension>
</simpleContent>
</complexType>
</element>
</sequence>
</complexType>
<complexType name="constraints">
<sequence>
<element name="policylimit" type="tns:policyLimit" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType>
<complexType name="policyLimit">
<attribute name="xpath" type="string" use="required"/>
<attribute name="minlen" type="int"/>
<attribute name="maxlen" type="int"/>
<attribute name="mincount" type="int"/>
<attribute name="maxcount" type="int"/>
<attribute name="regex" type="string"/>
<attribute name="code" type="int"/>
<attribute name="desc" type="string"/>
</complexType>
<simpleType name="libraryType">
<restriction base="NMTOKEN">
<enumeration value="Python"/>
</restriction>
</simpleType>
</schema>
Author's Address
Michael J O'Connell
Domain Name Services (Pty) Ltd
COZA House
Gazelle Close, Corporate Park South
Midrand, Gauteng 1685
ZA
Phone: +27 11 568 2812
Email: mike@dnservices.co.za
URI: http://dns.net.za/
O'Connell Expires January 2, 2016 [Page 14]
