[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml-dev] Policy editor? Gui?
On Fri, 2004-11-12 at 11:03, Kuketayev, Argyn wrote: > here's a policy, it's a part of my version of RBAC profile > implementation > > ====================== > > <?xml version="1.0" encoding="UTF-8"?> > <PolicySet xmlns="urn:oasis:names:tc:xacml:1.0:policy" > PolicySetId="RBAC:PPS:role:default" > > PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algo > rithm:permit-overrides"> > > <Target/> > <Policy PolicyId="RBAC:Permissions:role:default" > > RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorith > m:permit-overrides"> > <Target/> > > <Rule RuleId="FinalRule" Effect="Deny"/> > </Policy> > </PolicySet> > ====================== The problem is that this is not a valid 1.x policy. The Target may not be empty. Instead, you need to specify all three Target sections with the Any* elements (eg, <AnySubject/>). The SunXACML code doesn't complain because it doesn't try to reproduce all the error-checking that can be done using schema validation, which would recognize your policy as invalid. Try running your policy through a schema checker and it should complain. seth
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]