[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Beginner query
Hi,
I hope I'm mailing the correct place.
I am wanting to permit a request, provided certain attributes are
present. I don't care about their value, just the fact that they are
present. I cannot see any way of doing this without implementing my own
match function. Is this correct or have I missed something? I believe my
final policy doc would look like this:
<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://www.oasis-open.org/tc/xacml/1.0/cs-xacml-schema=policy-01.xsd";
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
<Description>Policy template for attribute checking</Description>
<!-- This policy document applies to all requests -->
<Target>
<Subjects>
<AnySubject/>
</Subjects>
<Resources>
<AnyResource/>
</Resources>
<Actions>
<AnyAction/>
</Actions>
</Target>
<!-- Rules for attributes -->
<Rule RuleId="EmailRule" Effect="Permit">
<Description>Allow Email address</Description>
<Target>
<Subjects>
<Subject>
<ResourceMatch MatchId="isPresent">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string";></AttributeValue>
<SubjectAttributeDesignator
DataType="http://www.w3.org/2001/XMLSchema#anyURI";
AttributeId="emailAddress"/>
</SubjectMatch>
</Subject>
</Subjects>
<Resources>
<AnyResource/>
</Resources>
<Actions>
<AnyAction/>
</Actions>
</Target>
</Rule>
</Policy>
Thanks
P.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]