OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [xacml-comment] IIB010


Satoshi Hada,

Thank you for reporting this error.  A corrected copy of
IIB010Policy.xml is attached and will be included in the next
release of the Conformance Tests.

Anne Anderson

On 5 December, Satoshi Hada writes: [xacml-comment] IIB010
 > From: Satoshi Hada <SATOSHIH@jp.ibm.com>
 > To: XACML COMMENT <xacml-comment@lists.oasis-open.org>
 > Subject: [xacml-comment] IIB010
 > Date: Thu, 05 Dec 2002 15:25:44 +0900
 > 
 > The policy has
 > <SubjectAttributeDesignator AttributeId
 > ="urn:oasis:names:tc:xacml:1.0:subject-category" DataType
 > ="http://www.w3.org/2001/XMLSchema#anyURI"; />
 > 
 > No "urn:oasis:names:tc:xacml:1.0:subject-category" attribute is in the
 > request context.
 > So the expected response should not be Permit.
 > 
 > Satoshi Hada
 > IBM Tokyo Research Laboratory
 > mailto:satoshih@jp.ibm.com
 > 
 > 
 > 
 > ----------------------------------------------------------------
 > To subscribe or unsubscribe from this elist use the subscription
 > manager: <http://lists.oasis-open.org/ob/adm.pl>
 > 

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

<?xml version="1.0" encoding="UTF-8"?>
<Policy
      xmlns="urn:oasis:names:tc:xacml:1.0:policy"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
      xsi:schemaLocation="urn:oasis:names:tc:xacml:1.0:policy
        cs-xacml-schema-policy-01.xsd"
      PolicyId="urn:oasis:names:tc:xacml:1.0:conformance-test:IIB010:policy"
      RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
    <Description>
        Policy for Conformance Test IIB010.
    </Description>
    <Target>
        <Subjects>
            <AnySubject/>
        </Subjects>
        <Resources>
            <AnyResource/>
        </Resources>
        <Actions>
            <AnyAction/>
        </Actions>
    </Target>
    <Rule
          RuleId="urn:oasis:names:tc:xacml:1.0:conformance-test:IIB010:rule"
          Effect="Permit">
        <Description>
            Julius Hibbert can read or write Bart Simpson's medical
            record as the access-subject.
        </Description>
        <Target>
            <Subjects>
                <Subject>
                    <SubjectMatch
                          MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue
                              DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue>
                        <SubjectAttributeDesignator
                              AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
                              SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                              DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </SubjectMatch>
                </Subject>
            </Subjects>
            <Resources>
                <Resource>
                    <ResourceMatch
                          MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
                        <AttributeValue
                              DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue>
                        <ResourceAttributeDesignator
                              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
                              DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
                    </ResourceMatch>
                </Resource>
            </Resources>
            <Actions>
                <Action>
                    <ActionMatch
                          MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue
                              DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue>
                        <ActionAttributeDesignator
                              AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                              DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </ActionMatch>
                </Action>
                <Action>
                    <ActionMatch
                          MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue
                              DataType="http://www.w3.org/2001/XMLSchema#string";>write</AttributeValue>
                        <ActionAttributeDesignator
                              AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                              DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </ActionMatch>
                </Action>
            </Actions>
        </Target>
    </Rule>
</Policy>


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC