OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml-users] Problem with multi valued attributes...



Hi Valerie.

> I have the following xacml rule : 
> [...]
> FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
>                         <SubjectAttributeDesignator 
> AttributeId="urn:my-organization:security:names:subject:0.1:profil" 
> DataType="http://www.w3.org/2001/XMLSchema#string"/>
> [...] 
> But if my attribut "profil" has more than one value, I have the following 
> context and get an indeterminate decision :

Right. The problem here is with the "one-and-only" function. When you have
only one value for your attribute, then there is one and only value, so the
string-one-and-only function returns it. When you have multiple values,
however, the string-one-and-only function returns an error, because there
is not one and only one value for your attribute.

There are two ways to handle this. First, you can encode the string matching
in a Target, which takes care of iterating through bags of values for you.
Second, you can use something like the is-in function, to see if the string
you're looking for is in the collection of values associated with your
attribute.

Does that make sense?


seth


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]