OASIS Mailing List Archives

xacml-users message



Subject: Re: [xacml-users] does XACML v2 allow multiple values' attribute


Hi Yoichi,

The example you've quoted with the "string-bag" function is from a policy,
not a request.  As stated in other emails, XACML v2.0 allows multiple
values for attributes in requests.

Regards,
Craig

---
craig forster | staff software engineer | ibm australia development labs
http://blogs.tap.ibm.com/weblogs/craigforster/


                                                                                                                                 
  From:       Yoichi Takayama <yoichi@melcoe.mq.edu.au>                                                                          
                                                                                                                                 
  To:         hao chen <d95776@yahoo.com>                                                                                        
                                                                                                                                 
  Cc:         xacml-users@lists.oasis-open.org, oleg@gryb.info                                                                   
                                                                                                                                 
  Date:       10/01/2009 08:02                                                                                                   
                                                                                                                                 
  Subject:    Re: [xacml-users] does XACML v2 allow multiple values' attribute                                                   
                                                                                                                                 





The example I can find is:

<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
 <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
 <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Paul</AttributeValue>
 <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">John</AttributeValue>
  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Paul</AttributeValue>
  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">George</AttributeValue>
  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Ringo</AttributeValue>
 </Apply>
</Apply>


As compared with yours (below), it seems you have to put the two values in
a function called "string-bag" as above. So, I think that it may not be a
SunXACML engine error.

Also, XACML 2.0 RBAC recommends using &roles;account-manager and
&roles;department-manager, etc. rather than what you have there.


<Request>
  <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
               DataType="http://www.w3.org/2001/XMLSchema#anyURI">
    <AttributeValue>account:manager:role</AttributeValue>
    <AttributeValue>card:member:department:manager:role</AttributeValue>
    </Attribute>
  </Subject>
  <Resource>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
               DataType="http://www.w3.org/2001/XMLSchema#string">
    <AttributeValue>AccountInformation</AttributeValue>
    </Attribute>
  </Resource>
  <Action>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
               DataType="http://www.w3.org/2001/XMLSchema#string">
    <AttributeValue>access</AttributeValue>
    </Attribute>
  </Action>
</Request>




--------------------------------------------------------------------------
Yoichi Takayama, PhD
Senior Research Fellow
RAMP Project
MELCOE (Macquarie E-Learning Centre of Excellence)
MACQUARIE UNIVERSITY

Phone: +61 (0)2 9850 9073
Fax: +61 (0)2 9850 6527
www.mq.edu.au
www.melcoe.mq.edu.au/projects/RAMP/
--------------------------------------------------------------------------
MACQUARIE UNIVERSITY: CRICOS Provider No 00002J

This message is intended for the addressee named and may contain
confidential information.  If you are not the intended recipient, please
delete it and notify the sender. Views expressed in this message are those
of the individual sender, and are not necessarily the views of Macquarie
E-Learning Centre Of Excellence (MELCOE) or Macquarie University.

On 09/01/2009, at 1:37 PM, hao chen wrote:

      Sorry, I sent you a wrong version of request. The attached should be
      the multi values attr.

      Best Regard
      hao
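
Added example, not part of the thread and not SunXACML code: a small Python model of the semantics discussed above, showing that a multi-valued request attribute reaches the policy as a bag, that `any-of` matches against it just as it does against the literal `string-bag` in the policy fragment, and that a `*-one-and-only` lookup on the same attribute yields Indeterminate. The helper names (`designator_bag`, `any_of`, `one_and_only`, `equal`, `Indeterminate`) are hypothetical, and the embedded request is the Subject part of the request quoted above, without a namespace as posted.

```python
import xml.etree.ElementTree as ET

# Subject part of the request quoted in the thread (sample input for this example).
REQUEST = """<Request>
  <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
               DataType="http://www.w3.org/2001/XMLSchema#anyURI">
      <AttributeValue>account:manager:role</AttributeValue>
      <AttributeValue>card:member:department:manager:role</AttributeValue>
    </Attribute>
  </Subject>
</Request>"""

ROLE_ID = "urn:oasis:names:tc:xacml:2.0:subject:role"
ANY_URI = "http://www.w3.org/2001/XMLSchema#anyURI"


class Indeterminate(Exception):
    """Evaluation error; a PDP reports this as an Indeterminate result."""


def designator_bag(request_xml, attribute_id, data_type):
    """Hypothetical helper: the bag a SubjectAttributeDesignator resolves to,
    i.e. every value of the matching subject attribute(s) in the request."""
    root = ET.fromstring(request_xml)
    bag = []
    for attr in root.findall("./Subject/Attribute"):
        if attr.get("AttributeId") == attribute_id and attr.get("DataType") == data_type:
            bag.extend((v.text or "").strip() for v in attr.findall("AttributeValue"))
    return bag


def any_of(predicate, value, bag):
    """any-of: true if predicate(value, member) holds for at least one bag member."""
    return any(predicate(value, member) for member in bag)


def one_and_only(bag):
    """*-one-and-only: the single member, or Indeterminate if the bag size is not 1."""
    if len(bag) != 1:
        raise Indeterminate(f"bag has {len(bag)} values, expected exactly 1")
    return bag[0]


def equal(a, b):
    """Stand-in for string-equal / anyURI-equal (exact comparison only)."""
    return a == b
```

A policy that must accept subjects holding several roles should therefore test the designator's bag with a bag function such as `any-of` rather than unwrap it with a `*-one-and-only` function.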


