OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: need clarification on Target Matching in XACML v2.0


In XACML v2.0, 5.5 Element<Target> section, the spec states 

"For the parent of the <Target> element to be applicable to the decision request, there MUST be at least one positive match between each section of the <Target> element and the corresponding section of the <xacml
context:Request> element."

I need some kind of clarification on the statement. For example, if I define a subject with 2 attributs in the target of a xacml policy such as:
&role;account manager
&department;customer service
and the PDP gets a request which has a subject with only 1 attribute as
&role:account manager

Does this request subject match the subject defined in the target of the policy and will the rule defined to the target will be evaluated?

I have the same kind of questions for resource and action defined in target too.


thanks
hao


      


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]