[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml-users] Sample with matching attributes of subj and resource
Thanks to Seth and Anne, I'm good now. Ok, finally, this one worked: ================== <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:or"> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string"/> </Apply> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> <ResourceAttributeDesignator AttributeId="owner-id" DataType="http://www.w3.org/2001/XMLSchema#string"/> </Apply> </Apply> </Condition> ================== This one worked too: ================== <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string"/> </Apply> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> <ResourceAttributeDesignator AttributeId="owner-id" DataType="http://www.w3.org/2001/XMLSchema#string"/> </Apply> </Condition> ================== The fist one has similar policies in conformance tests, the second one doesn't. I guess, that looking at schema one should understand that the second one is a valid condition. Now, this one didn't work: ================== <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string"/> <ResourceAttributeDesignator AttributeId="owner-id" DataType="http://www.w3.org/2001/XMLSchema#string"/> </Condition> ================== SunXACML complained for illegal types. Debugging shows that string-equal func expects single value, but gets a bag. So, the attr designator returns a bag. Surprise for me. Thanks, Argyn > -----Original Message----- > From: Seth.Proctor@Sun.COM [mailto:Seth.Proctor@Sun.COM] > Sent: Wednesday, September 29, 2004 12:21 PM > To: Anne.Anderson@Sun.COM > Cc: Kuketayev, Argyn; xacml-users@lists.oasis-open.org > Subject: Re: [xacml-users] Sample with matching attributes of > subj and resource > > > > > For XACML 1.0/1.1, use function Id > > urn:oasis:names:tc:xacml:1.0:function:boolean-equal > > and remove the <Apply ...> and </Apply> tags. > > Actually, I think you want to remove the Condition element and change > the remaining top-level Apply into Condition: > > <Condition > FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> > ... > > > seth >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]