[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Problem with multi valued attributes...
Hi Valerie. > I have the following xacml rule : > [...] > FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> > <SubjectAttributeDesignator > AttributeId="urn:my-organization:security:names:subject:0.1:profil" > DataType="http://www.w3.org/2001/XMLSchema#string"/> > [...] > But if my attribut "profil" has more than one value, I have the following > context and get an indeterminate decision : Right. The problem here is with the "one-and-only" function. When you have only one value for your attribute, then there is one and only value, so the string-one-and-only function returns it. When you have multiple values, however, the string-one-and-only function returns an error, because there is not one and only one value for your attribute. There are two ways to handle this. First, you can encode the string matching in a Target, which takes care of iterating through bags of values for you. Second, you can use something like the is-in function, to see if the string you're looking for is in the collection of values associated with your attribute. Does that make sense? seth
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]