[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Policy for Conformance Test IIC008 issue?
Here's the rule from the policy: <Rule RuleId="urn:oasis:names:tc:xacml:1.0:conformance-test:IIC008:rule" Effect="Permit"> <Description>Any subject who is not a member of the convicted-felons group may perform any action on any resource.</Description> <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">convicted-felon</AttributeValue> <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:conformance-test:group" DataType="http://www.w3.org/2001/XMLSchema#string" /> </Condition> </Rule> according to a description this should deny grants to convicted felons, but looking at the rule it seems like it's doing excatly the oppoiste. This rule matches group with "felon" string, then effect is "Permit". Am I right or is it just Friday night? :) thanks Argyn
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]