Subject: RE: [xacml-users] Help on ResourceConent!
Hi Roland!

Please find my comments [Balaji] below and let me know if my understanding is correct.

Thanks
Balaji Kamal Kannadassan

-----Original Message-----
From: Roland Illig [mailto:roland.illig@gmx.de]
Sent: Thursday, October 30, 2008 1:24 PM
To: Kannadassan, Balaji (AMR:8826)
Cc: xacml-users@lists.oasis-open.org
Subject: Re: [xacml-users] Help on ResourceConent!

Balaji Kannadassan wrote:
> Hi All!
>
> I am sorry if this is too basic. I am a newbie to XML/XACML. I
> am trying to understand the implementation of the same from the XACML
> 1.0v pdf. I came across this tag in a place where the doctor is
> searching for the DOB of a patient. I am baffled as to what the need for
> this piece is, while there is another piece of code where he picks up the
> subject-id user and his DOB. What's the use of this ResourceContent?
> Please help me in understanding the same.

There are two different ways of getting information from a <Request>:

1. The <*AttributeDesignator> can be used for getting a named attribute, which looks like:

    <Request>
      <Subject>
        <Attribute AttributeId="subject-id">
          <AttributeValue>roland</AttributeValue>
        </Attribute>
      </Subject>
    </Request>

[Balaji] Here we are getting a request to pick a record with subject-id as roland.

In the policy, you use the following code to retrieve the attribute values:

    <SubjectMatch MatchId="string-equal">
      <AttributeValue>roland</AttributeValue>
      <SubjectAttributeDesignator AttributeId="subject-id"/>
    </SubjectMatch>

[Balaji] We are matching the same with "roland", so this policy would be applicable to those whose name matches roland, right? Please do correct me if I am wrong on the same.

2. The <AttributeSelector> can be used for getting arbitrary XML data from the request, which can be encoded like this:

    <Request xmlns:h="http://example.org/html4.xsd">
      <Resource>
        <ResourceContent>
          <h:html>
            <h:head>
              <h:title>Hello, World</h:title>
            </h:head>
          </h:html>
        </ResourceContent>
        <Attribute AttributeId="resource-id">
          <AttributeValue>http://example.org/hello.html</AttributeValue>
        </Attribute>
      </Resource>
    </Request>

[Balaji] We are making h point to an XML schema definition and defining record h with the contents, right? So what role does the URL with hello.html play here?

In the policy, you can use the following code:

    <ResourceMatch MatchId="regexp-string-match">
      <AttributeValue>.*[Hh]ell.*</AttributeValue>
      <AttributeSelector
        RequestContextPath="//Request/Resource/ResourceContent/h:html/h:head/h:title/text()"/>
    </ResourceMatch>

[Balaji] Here, are we saying that this policy will be applicable to those with a title value containing .*[Hh]ell.*?

Thanks
Balaji Kamal Kannadassan

With the <AttributeSelector>, you can embed arbitrary XML in the request context and run queries on it using XPath/XQuery. Embedding the XML document directly is often easier than retrieving (for example) the DOB and encoding it as a named attribute, especially if you don't know which fields of the medical record the policy needs for deciding.

Did this clarify things a bit?

Roland
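The two lookups discussed in this thread, as an added Python sketch that is not part of the original messages or of any XACML implementation: a named-attribute lookup next to an XPath lookup into <ResourceContent>, including the case where a selector path matches nothing and yields an empty bag. The function names, the combined request and the misspelled path are constructed for illustration, and the selector only understands paths of the form //Request/.../text().

```python
import re
import xml.etree.ElementTree as ET

NS = {"h": "http://example.org/html4.xsd"}
# Constructed request that combines both request snippets from the thread.
REQUEST = """<Request xmlns:h="http://example.org/html4.xsd">
  <Subject>
    <Attribute AttributeId="subject-id"><AttributeValue>roland</AttributeValue></Attribute>
  </Subject>
  <Resource>
    <ResourceContent>
      <h:html><h:head><h:title>Hello, World</h:title></h:head></h:html>
    </ResourceContent>
    <Attribute AttributeId="resource-id">
      <AttributeValue>http://example.org/hello.html</AttributeValue>
    </Attribute>
  </Resource>
</Request>"""
ROOT = ET.fromstring(REQUEST)

def designator(root, category, attribute_id):
    """Designator-style lookup: bag of values of one named attribute."""
    return [v.text for a in root.findall(f"{category}/Attribute")
            if a.get("AttributeId") == attribute_id
            for v in a.findall("AttributeValue")]

def selector(root, context_path, must_be_present=False):
    """Selector-style lookup: bag of text nodes chosen by a path (subset only)."""
    m = re.fullmatch(r"//Request/(.+)/text\(\)", context_path)
    if not m:
        raise ValueError("path shape not supported by this sketch")
    bag = [e.text for e in root.findall(m.group(1), NS) if e.text]
    if not bag and must_be_present:
        # Mirrors MustBePresent="true": a missing value is an error, not "no match".
        raise LookupError("Indeterminate: selector matched nothing")
    return bag

def string_equal(literal, bag):
    return any(value == literal for value in bag)

def regexp_string_match(pattern, bag):
    # Python's re stands in for the XACML regular-expression function here.
    return any(re.search(pattern, value) is not None for value in bag)

GOOD = "//Request/Resource/ResourceContent/h:html/h:head/h:title/text()"
BAD = "//Request/Resource/ResourceContents/h:html/h:head/h:title/text()"  # constructed typo
```

With the misspelled path the bag is empty, so the match is false and the rule silently does not apply; setting must_be_present turns the same mistake into a visible error.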