[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml-users] XACML Samples
> -----Original Message----- > From: Mahdi Mankai [mailto:manm08@uqo.ca] > Sent: Tuesday, October 12, 2004 4:01 PM > To: xacml-users@lists.oasis-open.org > Subject: Re: [xacml-users] XACML Samples [skip] > Example: if a rule allow me to access to a resource and > another one deny me. Combining algorithms resolve this kind > of problems but it could be a > source of conflict with unsuitable access rights. I'm addressing this problem with "unit tests". I write lots of tests to check that rights are granted properly. For example, there's a set of tests for Module1 resources which should all grant access. I call them "normal scenarios". Basically, my code asks to execute different actions on different resources on behalf of a subject, which should be granted these rights. Then there's "exception scenarios", where "improper subject" asks the same rights. In this case the requests must be denied. Whenever there's any change in policies, all these tests must be executed successfully. I don't there's a better way to achieve your objectives. Thanks, Argyn
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]