Subject: use of xpath in XACML policy file
Dear all,

I have a question regarding the use of XPath. Consider the XML data file (with a hospital package having 2 records of patients):

    <!-- XML document-->
    <Hospital>
      <Patient>
        <patID>123ABC</patID>
        <dob>09-dec-1978</dob>
        <gender>Male</gender>
        <age>26</age>
        <patientName>
          <first>Muhammad</first>
          <last>Ali</last>
        </patientName>
        <patientContact>
          <street>13</street>
          <city>Innsbruck</city>
          <state>Austria</state>
        </patientContact>
        <primaryCarePhysician>
          <phyID>13</phyID>
        </primaryCarePhysician>
      </Patient>
      <Patient>
        <patID>122ABC</patID>
        <dob>09-dec-1977</dob>
        <gender>Female</gender>
        <age>22</age>
        <patientName>
          <first>Andrea</first>
          <last>Juman</last>
        </patientName>
        <patientContact>
          <street>13</street>
          <city>Innbruck</city>
          <state>Austria</state>
        </patientContact>
        <primaryCarePhysician>
          <phyID>13</phyID>
        </primaryCarePhysician>
      </Patient>
    </Hospital>
    <!--XML document Ends-->

Now I want to implement an access control condition on this XML file by the rule that "A Patient can check his/her own medical record if he/she is the designated patient and his/her contact city should be Innsbruck":

    //hospital/Patient/PatID = PatientId
        (we got PatientId from the request through the AttributeDesignator function)
    And
    //hospital/Patient/patientContact/city = "Innsbruck"
        (explicitly given in the policy)

Suppose PatientId = 122ABC. Don't you all think that both of them will be selected, because one condition will be true for the 2nd record and the 2nd condition will be true for either record? So is there any other means to specify an XPath condition for the same XML record?

The problem is that for XPath, every time I have to navigate from the start of the document (and that creates a problem). Is there any way to specify a condition in XPath so that after checking the first condition I can move forward down the same element (just like databases, e.g. along the same row) and not from the start of the document again?

I had one solution from an XPath expression, i.e.

    //hospital/Patient [PatID = PatientId] /patientContact/city = "Innsbruck"

but how can this solution be implemented in XACML, because anyway I need the value of the parameter PatientId from the request using AttributeDesignator functions?

I am attaching a part of the XACML policy file. If anybody of you knows the solution, let me know, or otherwise I have to implement my own function.

    <!--policy starts here-->
    <Condition function:And>
      <Apply FunctionId="function:string-equal">
        <Apply FunctionId="function:string-one-and-only">
          <SubjectAttributeDesignator AttributeID="PatientId" DataType="String"/>
        </Apply>
        <Apply FunctionId="String-one-and-only">
          <AttributeSelector RequestContextpath="//Hospital/Physician/patients/patID/text()" DataType="String">
          </AttributeSelector>
        </Apply>
      </Apply>
      <!-- actual point that i am stuck here-->
      <Apply function:And>
        <Apply FunctionId="function:string-one-and-only">
          <Apply FunctionId="function:string-one-and-only">
            <SubjectAttributeDesignator AttributeID="PatientId" DataType="String"/>
          </Apply>
          <Apply FunctionId="String-one-and-only">
            <AttributeSelector RequestContextpath="//Hospital/Patient//patID/text()" DataType="String">
            </AttributeSelector>
          </Apply>
        </Apply>
        <Apply FunctionId="function:string-one-and-only">
          <Apply FunctionId="function:string-one-and-only">
            <Attributevalue DataType="String">Innsbruck</Attributevalue>
          </Apply>
          <Apply FunctionId="String-one-and-only">
            <AttributeSelector RequestContextpath="//Hospital/Patient//PatientContact/city/text()" DataType="String">
            </AttributeSelector>
          </Apply>
        </Apply>
      </Apply>
    </Condition>

With best regards,

Muhammad Masoom Alam
University of Innsbruck
Austria
+43 512 507 6462
+43 512 22455 410
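
Added example, not part of the original message and not XACML engine code: the question above modelled in Python on constructed sample data. It contrasts two root-anchored selectors that are ANDed together with a check correlated on one Patient element; the function names and the "Vienna" record are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample data modelled on the post's Hospital document; the second
# patient's city is changed here so the two strategies give different answers.
HOSPITAL_XML = """
<Hospital>
  <Patient>
    <patID>123ABC</patID>
    <patientContact><city>Innsbruck</city></patientContact>
  </Patient>
  <Patient>
    <patID>122ABC</patID>
    <patientContact><city>Vienna</city></patientContact>
  </Patient>
</Hospital>
"""

def bag(root, path):
    """Return every text value selected by a document-wide path (a 'bag')."""
    return [el.text.strip() for el in root.iterfind(path) if el.text]

def independent_check(root, patient_id, city):
    """Two selectors evaluated from the document root, then ANDed.
    Each test can be satisfied by a different Patient record."""
    ids = bag(root, ".//Patient/patID")
    cities = bag(root, ".//Patient/patientContact/city")
    return patient_id in ids and city in cities

def correlated_check(root, patient_id, city):
    """Both tests applied inside the same Patient element, which is what
    //Patient[patID = $id]/patientContact/city = 'Innsbruck' expresses.
    The request value is compared as data, never spliced into a path string."""
    for patient in root.iterfind(".//Patient"):
        if (patient.findtext("patID") or "").strip() != patient_id:
            continue
        if (patient.findtext("patientContact/city") or "").strip() == city:
            return True
    return False

def decide(patient_id, city="Innsbruck", xml_text=HOSPITAL_XML):
    """Evaluate both strategies for one request value (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    return {
        "independent": independent_check(root, patient_id, city),
        "correlated": correlated_check(root, patient_id, city),
    }

if __name__ == "__main__":
    for pid in ("123ABC", "122ABC", "122ABC' or '1'='1"):
        print(pid, decide(pid))
```

For the request value 122ABC the independent form permits while the correlated form denies, which is the cross-record match the message describes.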