Subject: Decision="Deny" with <Action>Read</Action> VERSUS Decision="Permit" with <Action>~Read</Action>
Hi Folks,

As I understand it, the AuthzDecisionStatement is used to indicate a decision (by an Identity Provider, IdP) regarding whether a subject should be allowed to access a resource. Suppose that the resource is “employee salaries”. Here’s the resource URL:

    Resource="http://www.CarRentalInc.com/employees/salaries"

Suppose the decision is to deny read-access. There seem to be two approaches to express this:

Approach 1

    <AuthzDecisionStatement Resource="http://www.CarRentalInc.com/employees/salaries"
                            Decision="Deny">
        <Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc-negation">Read</Action>
    </AuthzDecisionStatement>

Approach 2

    <AuthzDecisionStatement Resource="http://www.CarRentalInc.com/employees/salaries"
                            Decision="Permit">
        <Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc-negation">~Read</Action>
    </AuthzDecisionStatement>

In Approach 1 the decision is to Deny Read access to the employees' salaries. In Approach 2 the decision is to Permit not

Questions:
Thanks!

/Roger