
xacml-dev message



Subject: one question regarding the use of Xpath


Dear all,

I am confused about the use of XPath in the AttributeSelector element of XACML.

Suppose I have a rule:

"A Physician is allowed to check the record of Patient X if and only if he is the primary care physician of Patient X."

Now the XPath would be:

/Physician/PhyID = PhysicianID  // I also wanted to check whether he is a valid physician or not.
        AND
/Physician/patients/patID = patientID of patient X   // for checking whether the Physician is the primary care physician of Patient X or not.

This kind of XPath is not correct, as the 2nd condition can be true for any Physician who is taking care of Patient X in addition to the primary care physician.
Can we introduce some context information like this?

 
<Condition>
  <Apply FunctionId="function:string-equal">
    <Apply FunctionId="function:string-one-and-only">
      <SubjectAttributeDesignator AttributeId="PatientId" DataType="String"/>
    </Apply>
    <Apply FunctionId="String-one-and-only-with-subject">
      <AttributeSelector RequestContextPath="/Hospital/Physician[phyID='subjectID']/patients/patID/text()"
                         DataType="String">
      </AttributeSelector>
    </Apply>
  </Apply>
  .
</Condition>


Is the addition of this new function possible with XACML? Here subjectID represents the caller.

Maybe I am wrong in writing the XPath; if yes, please help.

With best regards,
Muhammad.
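
The difference between the two independent path tests and the subject-bound predicate proposed in the message, shown as an added example that is not part of the original post. The hospital document, the identifiers and the identifier format are constructed assumptions, and Python's ElementTree stands in here for an XACML engine's XPath evaluation.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample data; element names follow the paths in the message.
HOSPITAL = ET.fromstring("""
<Hospital>
  <Physician><phyID>dr-a</phyID><patients><patID>p1</patID></patients></Physician>
  <Physician><phyID>dr-b</phyID><patients><patID>p2</patID></patients></Physician>
</Hospital>""")

ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumed identifier format


def checked_id(value):
    # The id is spliced into an XPath string, so refuse anything that could
    # alter the expression (quotes, brackets, slashes).
    if not ID_RE.fullmatch(value):
        raise ValueError("unexpected characters in identifier")
    return value


def uncorrelated_permit(root, subject_id, patient_id):
    """The two independent tests from the message, joined with AND."""
    s, p = checked_id(subject_id), checked_id(patient_id)
    valid_physician = root.find(f"./Physician[phyID='{s}']") is not None
    patient_listed = any(
        e.text == p for e in root.iterfind("./Physician/patients/patID"))
    return valid_physician and patient_listed


def correlated_permit(root, subject_id, patient_id):
    """Select patID only under the Physician whose phyID is the caller."""
    s, p = checked_id(subject_id), checked_id(patient_id)
    path = f"./Physician[phyID='{s}']/patients/patID"
    return any(e.text == p for e in root.iterfind(path))


if __name__ == "__main__":
    # dr-b is a valid physician, but p1 is listed under dr-a only.
    print("uncorrelated:", uncorrelated_permit(HOSPITAL, "dr-b", "p1"))
    print("correlated:  ", correlated_permit(HOSPITAL, "dr-b", "p1"))
```

With the uncorrelated tests, any valid physician is permitted for any patient listed anywhere in the document; binding the predicate to the caller's own Physician element removes that over-permit.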


