OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml-users] does XACML v2 allow multiple values' attribute


I am not sure if XACML request CTX allows to have function defined there.

For 
> Also, XACML 2.0 RBAC recommends to use
> &roles;account-manager and
> &roles;department-manager, etc. than what you have
> there.

Can you do me a favour of providing a correct example?

Best Regard
hao
--- On Fri, 1/9/09, Yoichi Takayama <yoichi@melcoe.mq.edu.au> wrote:

> From: Yoichi Takayama <yoichi@melcoe.mq.edu.au>
> Subject: Re: [xacml-users] does XACML v2 allow multiple values' attribute
> To: "hao chen" <d95776@yahoo.com>
> Cc: xacml-users@lists.oasis-open.org, oleg@gryb.info
> Date: Friday, January 9, 2009, 4:01 PM
> The example I can find is:
> 
> <Apply
> FunctionId=”urn:oasis:names:tc:xacml:1.0:function:any-of”>
> 4576
>  <Function
> FunctionId=”urn:oasis:names:tc:xacml:1.0:function:string-equal”/>
> 4577
>  <AttributeValue
> 4578
> DataType=”http://www.w3.org/2001/XMLSchema#string”>Paul</AttributeValue>
> 4579
>  <Apply
> FunctionId=”urn:oasis:names:tc:xacml:1.0:function:string-bag”>
> 4580
>   <AttributeValue
> 4581
> DataType=”http://www.w3.org/2001/XMLSchema#string”>John</AttributeValue>
> 4582
>   <AttributeValue
> 4583
> DataType=”http://www.w3.org/2001/XMLSchema#string”>Paul</AttributeValue>
> 4584
>   <AttributeValue
> 4585
> DataType=”http://www.w3.org/2001/XMLSchema#string”>George</AttributeValue>
> 4586
>   <AttributeValue
> 4587
> DataType=”http://www.w3.org/2001/XMLSchema#string”>Ringo</AttributeValue>
> 4588
>  </Apply>
> 4589
> </Apply>
> 4590
> 
> 
> As compared with yours (below), it seems you have to put
> the two values in a function called "string-bag"
> as above. So, I think that it may not be a SunXACML engine
> error.
> 
> Also, XACML 2.0 RBAC recommends to use
> &roles;account-manager and
> &roles;department-manager, etc. than what you have
> there.
> 
> 
> <Request>
>   <Subject
> SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
>     <Attribute
> AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
> DataType="http://www.w3.org/2001/XMLSchema#anyURI";>
>    
> <AttributeValue>account:manager:role</AttributeValue>
>    
> <AttributeValue>card:member:department:manager:role</AttributeValue>
>     </Attribute>
>   </Subject>
>   <Resource>
>     <Attribute
> AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
> DataType="http://www.w3.org/2001/XMLSchema#string";>
>    
> <AttributeValue>AccountInformation</AttributeValue>
>     </Attribute>
>   </Resource>
>   <Action>
>     <Attribute
> AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
> DataType="http://www.w3.org/2001/XMLSchema#string";>
>     <AttributeValue>access</AttributeValue>
>     </Attribute>
>   </Action>
> </Request>
> 
> 
> 
> 
> --------------------------------------------------------------------------
> Yoichi Takayama, PhD
> Senior Research Fellow
> RAMP Project
> MELCOE (Macquarie E-Learning Centre of Excellence)
> MACQUARIE UNIVERSITY
> 
> Phone: +61 (0)2 9850 9073
> Fax: +61 (0)2 9850 6527
> www.mq.edu.au
> www.melcoe.mq.edu.au/projects/RAMP/
> --------------------------------------------------------------------------
> MACQUARIE UNIVERSITY: CRICOS Provider No 00002J
> 
> This message is intended for the addressee named and may
> contain confidential information.  If you are not the
> intended recipient, please delete it and notify the sender.
> Views expressed in this message are those of the individual
> sender, and are not necessarily the views of Macquarie
> E-Learning Centre Of Excellence (MELCOE) or Macquarie
> University.
> 
> On 09/01/2009, at 1:37 PM, hao chen wrote:
> 
> > Sorry, I sent you a wrong version of request. The
> attached should be the multi values attr.
> > 
> > Best Regard
> > hao
> >





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]