OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml-users] Policy for Conformance Test IIC008 issue?


Argyn,

I looked up the actual description of what is being tested here
(in the html file describing all tests).  The description in the
policy itself is incorrect.  But the test is testing for correct
handling of an empty bag passed to a function.  There is no
"convicted-felon" attribute in the corresponding Request, so the
bag will be empty, and the result is NotApplicable.

Anne

On 1 October, Argyn writes: [xacml-users] Policy for Conformance Test IIC008 issue?
 > From: Argyn <argyn@cox.net>
 > To: xacml-users@lists.oasis-open.org
 > Subject: [xacml-users] Policy for Conformance Test IIC008 issue?
 > Date: Fri, 01 Oct 2004 20:59:16 -0400
 > 
 > Here's the rule from the policy:
 > 
 > <Rule RuleId="urn:oasis:names:tc:xacml:1.0:conformance-test:IIC008:rule"  
 > Effect="Permit">
 >    <Description>Any subject who is not a member of the convicted-felons  
 > group may perform any action on any resource.</Description>
 > <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
 >    <AttributeValue  
 > DataType="http://www.w3.org/2001/XMLSchema#string";>convicted-felon</AttributeValue>
 >    <SubjectAttributeDesignator  
 > AttributeId="urn:oasis:names:tc:xacml:1.0:conformance-test:group"  
 > DataType="http://www.w3.org/2001/XMLSchema#string"; />
 >    </Condition>
 >    </Rule>
 > 
 > according to a description this should deny grants to convicted felons,  
 > but looking at the rule it seems like it's doing excatly the oppoiste.  
 > This rule matches group with "felon" string, then effect is "Permit". Am I  
 > right or is it just Friday night? :)
 > 
 > thanks
 > Argyn

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]