Subject: RE: [xacml-dev] one question regarding the use of Xpath
It seems your proposed function will not be a valid XACML extension function. You may want to add some "select-patient-id" function that takes a string as an argument.

    <apply FunctionId="select_patient_id">
      <AttributeDesignator AttributeId="ns:subject-id" Datatype="xs:string"/>
    </apply>

But it does seem to me that you will be better off developing a library of XPath/XQuery functions to process your input data - outside of the scope of XACML, to populate XACML context with relevant information. It will make policy administration much cleaner.

So in your context you define custom, outside of XACML accessors to physician-patient-id, and just refer to it in XACML policy using AttributeDesignator. Using dynamic XPath expressions in policy may be quite cumbersome.

Daniel;

-----Original Message-----
From: Muhammad Masoom Alam [mailto:Muhammad.alam@uibk.ac.at]
Sent: Thursday, November 18, 2004 12:10 AM
To: xacml-dev@lists.oasis-open.org
Subject: [xacml-dev] one question regarding the use of Xpath

Dear all,

I have a confusion in the use of XPath in the AttributeSelector element of XACML. Suppose I have a rule: "A Physician is allowed to check the record of Patient X if and only if he is the primary care physician of Patient X."

Now the XPath would be

    /Physician/PhyID = PhysicianID
        // I also wanted to check whether he is a valid physician or not.
    AND
    /Physician/patients/patID = patientID of patient X
        // for checking whether the Physician is the primary care physician of Patient X or not.

This kind of XPath is not correct, as the 2nd condition can be true for any Physician who is taking care of Patient X in addition to the primary care Physician. Can we introduce some context information like this:

    <Condition>
      <Apply FunctionId="function:string-equal">
        <Apply FunctionId="function:string-one-and-only">
          <SubjectAttributeDesignator AttributeID="PatientId" DataType="String"/>
        </Apply>
        <Apply FunctionId="String-one-and-only-with-subject">
          <AttributeSelector RequestContextpath="/Hosptial/Physician[phyID='subjectID']/patients/patID/text()" DateType="String">
          </AttributeSelector>
        </Apply>
      </Apply>
      .
    </Condition>

Is this new function addition possible with XACML? Here subjectID represents the caller in this case.

Maybe I am wrong in writing the XPath; if yes, please help.

With best regards,
Muhammad.
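Added example, not part of the original thread: a sketch of the approach the reply recommends, where an accessor outside XACML resolves physician-patient-id for the subject and places it in the request context, so the policy needs no dynamic XPath. The sample XML, the function names and the resource-patient-id attribute are assumptions made for illustration; the document layout follows the XPath in the question.

```python
import xml.etree.ElementTree as ET

# Constructed sample data, shaped like the XPath in the question
# (/Hospital/Physician[phyID=...]/patients/patID); not from the thread.
HOSPITAL_XML = """
<Hospital>
  <Physician><phyID>dr-a</phyID>
    <patients><patID>p-1</patID><patID>p-2</patID></patients>
  </Physician>
  <Physician><phyID>dr-b</phyID>
    <patients><patID>p-3</patID></patients>
  </Physician>
</Hospital>
"""

def resolve_physician_patient_ids(root, subject_id):
    """Hypothetical accessor: bag of patient ids listed under subject_id.

    The subject id is compared as data in Python, never spliced into an
    XPath string, so quotes in it cannot change what is selected.
    """
    bag = []
    for phys in root.findall("./Physician"):
        if phys.findtext("phyID") == subject_id:
            bag.extend(p.text for p in phys.findall("./patients/patID") if p.text)
    return bag

def build_request_context(root, subject_id, resource_patient_id):
    """Populate the attributes a policy would read through designators."""
    return {
        "subject-id": [subject_id],
        "physician-patient-id": resolve_physician_patient_ids(root, subject_id),
        "resource-patient-id": [resource_patient_id],  # assumed attribute name
    }

def evaluate(ctx):
    """Stand-in for the policy condition: resource id is in the subject's bag."""
    (patient,) = ctx["resource-patient-id"]
    return "Permit" if patient in ctx["physician-patient-id"] else "Deny"

def decide(subject_id, resource_patient_id, xml_text=HOSPITAL_XML):
    root = ET.fromstring(xml_text)
    return evaluate(build_request_context(root, subject_id, resource_patient_id))

if __name__ == "__main__":
    for subj, pat in [("dr-a", "p-1"), ("dr-b", "p-1"), ("x' or '1'='1", "p-1")]:
        print(subj, pat, decide(subj, pat))
```

An unknown or malformed subject id yields an empty bag, so the decision falls through to Deny.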