Subject: Re: Missing Attributes
> I have been looking around java docs for a while but have not yet
> figured a way in my PDP code to identify missing attributes.
>
> StatusDetail or Result objects all return messages but they do not
> explicitly identify the missing attribute in the policy
> For example ResponseStatus will print something like "Function
> expects one or more attributes 0 returned", however it does not
> explicitly say which attribute (data type, and so on) is missing

You're right. In the 1.x specifications there was a StatusDetail element that was specifically provided to name the missing attributes, so this detail could be communicated back to the PEP. The problem is that, due to a bug in the spec, it wasn't possible to support this cleanly. This has been fixed in 2.0, and I hope to have this supported soon. In the meantime, there is no clean reporting mechanism beyond the generic problem that some attribute was missing. Sorry.

Now, of course, if you're relying on AttributeFinderModules...

> Once the type of missing attribute (rfc name or x 509 name or
> whatever), my pdp logic should contact an attribute finder module,
> which should communicate with the requesting subject.

The missing attribute information is only conveyed back to the PEP if no values can be found at all. This means that all applicable modules are queried before the PDP gives up. If you include an AttributeFinderModule, and it supports finding some value that's not in the Request, your code gets called before the PDP stops evaluation and returns an error to the PEP. Or is this part already clear to you?

seth
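
The behaviour described in the reply above (finder modules are called for attributes not present in the Request, before the PDP gives up) can be used to record which attributes were looked up. The following is an added example, not code from the thread or from the project; it assumes the implementation under discussion is Sun's XACML implementation with its `com.sun.xacml` packages, and the class name `MissingAttributeRecorder` and its `drain` method are hypothetical.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import com.sun.xacml.EvaluationCtx;
import com.sun.xacml.attr.AttributeDesignator;
import com.sun.xacml.attr.BagAttribute;
import com.sun.xacml.cond.EvaluationResult;
import com.sun.xacml.finder.AttributeFinderModule;

// Hypothetical module: finds nothing itself, only records what the PDP asked for.
public class MissingAttributeRecorder extends AttributeFinderModule {
    // Assumption: the PDP evaluates a request on the caller's thread, so a
    // per-thread list keeps concurrent evaluations apart.
    private final ThreadLocal<List<String>> missing = new ThreadLocal<List<String>>() {
        protected List<String> initialValue() { return new ArrayList<String>(); }
    };

    public boolean isDesignatorSupported() { return true; }

    // Claim every designator category so the module sees all lookups.
    public Set getSupportedDesignatorTypes() {
        Set<Integer> types = new HashSet<Integer>();
        types.add(Integer.valueOf(AttributeDesignator.SUBJECT_TARGET));
        types.add(Integer.valueOf(AttributeDesignator.RESOURCE_TARGET));
        types.add(Integer.valueOf(AttributeDesignator.ACTION_TARGET));
        types.add(Integer.valueOf(AttributeDesignator.ENVIRONMENT_TARGET));
        return types;
    }

    public EvaluationResult findAttribute(URI attributeType, URI attributeId,
            URI issuer, URI subjectCategory, EvaluationCtx context, int designatorType) {
        missing.get().add("id=" + attributeId + " type=" + attributeType
                + " issuer=" + issuer + " category=" + subjectCategory);
        // An empty bag means "no value found here", so evaluation continues as
        // it would without this module.
        return new EvaluationResult(BagAttribute.createEmptyBag(attributeType));
    }

    // Call on the evaluating thread after the PDP returns; clears the record.
    public List<String> drain() {
        List<String> seen = new ArrayList<String>(missing.get());
        missing.get().clear();
        return seen;
    }
}
```

Register the module last in the list given to `AttributeFinder.setModules` so it only sees lookups that no other module answered. The record also includes optional attributes whose absence does not cause an error, so treat it as a candidate list rather than the exact cause of the status.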