OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-users] Help on ResourceConent!

Balaji Kannadassan schrieb:
> 1. The <*AttributeDesignator> can be used for getting a named attribute,
> which looks like:
> 
> <Request>
>  <Subject>
>   <Attribute AttributeId="subject-id">
>    <AttributeValue>roland</AttributeValue>
>   </Attribute>
>  </Subject>
> </Request>
> 
> [Balaji] Here we are getting a request to pick a record with subjec-id
> as roland.

That's correct.

> In the policy, you use the following code to retrieve the attribute
> values:
> 
> <SubjectMatch MatchId="string-equal">
>  <AttributeValue>roland</AttributeValue>
>  <SubjectAttributeDesignator AttributeId="subject-id"/> </SubjectMatch>
> 
> [Balaji] We are matching the same with "roland" so those whose name
> matches roland this policy would be applicable rt ?. Please do correct
> me if I am wrong on the same.

That's also correct.

> 2. The <AttributeSelector> can be used for getting arbitrary XML data
> from the request, which can be encoded like this:
> 
> <Request xmlns:h="http://example.org/html4.xsd";>
>  <Resource>
>   <ResourceContent>
>    <h:html>
>     <h:head>
>      <h:title>Hello, World</h:title>
>     </h:head>
>    </h:html>
>   </ResourceContent>
>   <Attribute AttributeId="resource-id">
>    <AttributeValue>http://example.org/hello.html</AttributeValue>
>   </Attribute>
>  </Resource>
> </Request>
> 
> [Balaji] We are making h to point to a XML schema definition and define
> record h with the contents rt ?. So whats does url with hello.html has
> to play here ?

I included it to show that the <ResourceContent> is that of a specific
document. It doesn't have any other specific purpose.

> <ResourceMatch MatchId="regexp-string-match">
> <AttributeValue>.*[Hh]ell.*</AttributeValue>
>  <AttributeSelector
> RequestContextPath="//Request/Resource/ResourceMatch/h:html/h:head/h:tit
> le/text()"/>
> </ResourceMatch>
> 
> [Balaji] In here are we saying that those with the title value
> containing .*[Hh]ell.* this policy will be applicable ?.

Yes, exactly.

Roland

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]