OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml-users] does XACML v2 allow multiple values' attribute



Hi folks. Looks like I picked the wrong weekend to ignore my work email..

> > I believe the problem is that Sun's ref impl is based on XACML 1.1,
> > where only a single AttributeValue was allowed in an Attribute element.
> 
> Whew. That came as news to me. Indeed, section 6.7 of XACML 1.0 says
> that an attribute can have "At most one attribute value". I had always
> thought that multiple values had been there from the beginning. Thanks
> for telling me that.
 
The problem here is indeed that SunXACML has been updated to support 2.0
POLICIES but not REQUESTS or RESPONSES. In XACML 1.1 you're allowed to
specify multiple values for the same attribute using different Attribute
elements, so this is what's currently supported. In XACML 2.0 the standard
was updated to support multiple values in the same Attribute element.

For those using SunXACML, you can specify multiple values using multiple
Attribute elements (I know, a pain). Hopefully someone will update the
request/response implementation at some point..


seth


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]