xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: [xacml] Conformance test cases
- From: Anne Anderson <Anne.Anderson@Sun.com>
- To: xacml@lists.oasis-open.org
- Date: Wed, 24 Jul 2002 16:53:16 -0400 (EDT)
Attached is an html document listing my proposed conformance test
cases. Before I get too far on creating the test documents for
each case, I would appreciate some feedback.
Is this list too thorough? If so, what should be cut?
Is this list not thorough enough? Remember, we never promised an
exhaustive test suite. If you answer yes to this question, you
are probably going to get the job of making it more thorough.
Are there particular test cases that should be added? What are
they?
I plan to develop the tests for mandatory functionality. I will
roll them out gradually so I can get feedback from implementors.
I do not plan to develop the tests for non-mandatory
functionality. If one of these areas is important to you or your
organization, I invite you to volunteer for developing the tests
for those test cases.
Anne
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692
Title: XACML Conformance Tests
XACML Conformance Tests
Version: %I%, %E% (yy/mm/dd)
Author: Anne Anderson
Source: %P%
Contents
- Description of tests
Tests are divided into those that exercise
Mandatory-to-Implement functionality and those that
exercise Optional functionality. All conforming
implementations MUST support all Mandatory-to-Implement
functionality. Conforming implementations MAY support specific
Optional functionality areas.
Tests are divided into groups based on the primary area of
functionality or schema being exercised.
- An XACML Request
- An XACML Policy or set of Policy documents
- An XACML Response
A conforming implementation of an XACML Policy Decision Point (PDP)
must be able to:
- Accept the given Request as input
- Accept the given Policy as input
- Produce the given Response as output
A conforming implementation of an XACML Policy Administration
Point (PAP) must be able to generate each given XACML
Policy example except for those marked INVALID.
Mandatory-to-Implement Functionality Tests
- Attribute References
These tests exercise referencing of attribute values in the
Request by a policy.
- Case: Simple type attribute element present in Request
- Case: Simple type attribute element not present in
Request, but retrievable by Attribute Authority
- Case: Simple type attribute element not present in
Request and not retrievable by Attribute Authority
- Case: INVALID syntax for Attribute Selector
- Case: INVALID syntax for Request attribute
- Target Matching
These tests exercise various forms of Target matching.
- Case: match: anySubject, anyResource, anyAction
- Case: match: anySubject, anyResource, specified action
- Case: no match: anySubject, anyResource, specified action
- Case: match: specific Subject type
- Case: no match: specific Subject type
- Case: match: specific Subject identifier
- Case: no match: specific Subject identifier
- Case: match: specific Subject attribute
- Case: no match: specific Subject attribute
- Case: match: specific Subject identifier and attribute
- Case: no match: specific Subject identifier and attribute
- Case: match: specific resource
- Case: no match: specific resource
- Case: match: impliedAction
- Case: no match: impliedAction
- Case: match: specific action
- Case: no match: specific action
- Function Evaluation
- Case: true: Condition Evaluation
- Case: false: Condition Evaluation
- Case: Condition Evaluation - non-boolean datatype
- Case: function:integer-add
- Case: function:integer-add - non-integer datatype
- Case: function:decimal-add
- Case: function:add-dayTimeDuration-to-time
- Case: function:add-dayTimeDuration-to-dateTime
- Case: function:add-yearMonthDurations
- Case: function:add-dayTimeDurations
- Case: function:integer-subtract
- Case: function:decimal-subtract
- Case: function:time-subtract
- Case: function:subtract-dayTimeDuration-from-time
- Case: function:subtract-yearMonthDurations
- Case: function:subtract-dayTimeDurations
- Case: function:integer-multiply
- Case: function:decimal-multiply
- Case: function:multiply-yearMonthDurations
- Case: function:multiply-dayTimeDurations
- Case: function:numeric-divide
- Case: function:divide-yearMonthDurations
- Case: function:divide-dayTimeDurations
- Case: function:integer-mod
- Case: function:decimal-mod
- Case: function:round
- Case: function:floor
- Case: function:decimal
- Case: true: function:integer-equal
- Case: false: function:integer-equal
- Case: true: function:decimal-equal
- Case: false: function:decimal-equal
- Case: true: function:boolean-equal
- Case: false: function:boolean-equal
- Case: true: function:string-equal: literal string
- Case: true: function:string-equal: regExp
- Case: false: function:string-equal: literal string
- Case: false: function:string-equal: regExp string
- Case: true: function:xpath-equal
- Case: false: function:xpath-equal
- Case: true: function:rfc822Name-equal
- Case: true: function:rfc822Name-equal - dominance
- Case: false: function:rfc822Name-equal
- Case: false: function:rfc822Name-equal - dominance
- Case: true: function:x500Name-equal
- Case: true: function:x500Name-equal - dominance
- Case: false: function:x500Name-equal
- Case: false: function:x500Name-equal - dominance
- Case: true: function:date-equal
- Case: false: function:date-equal
- Case: true: function:time-equal
- Case: false: function:time-equal
- Case: true: function:datetime-equal
- Case: false: function:datetime-equal
- Case: true: function:yearMonthDuration-equal
- Case: false: function:yearMonthDuration-equal
- Case: true: function:dayTimeDuration-equal
- Case: false: function:dayTimeDuration-equal
- Case: true: function:gregorian-equal
- Case: false: function:gregorian-equal
- Case: true: function:hex-binary-equal
- Case: false: function:hex-binary-equal
- Case: true: function:base64-binary-equal
- Case: false: function:base64-binary-equal
- Case: true: function:anyURI-equal
- Case: false: function:anyURI-equal
- Case: true: function:QName-equal
- Case: false: function:QName-equal
- Case: true: function:NOTATION-equal
- Case: false: function:NOTATION-equal
- Case: true: function:integer-greater-than
- Case: false: function:integer-greater-than
- Case: true: function:decimal-greater-than
- Case: false: function:decimal-greater-than
- Case: true: function:boolean-greater-than
- Case: false: function:boolean-greater-than
- Case: true: function:string-greater-than
- Case: false: function:string-greater-than
- Case: true: function:date-greater-than
- Case: false: function:date-greater-than
- Case: true: function:time-greater-than
- Case: false: function:time-greater-than
- Case: true: function:datetime-greater-than
- Case: false: function:datetime-greater-than
- Case: true: function:yearMonthDuration-greater-than
- Case: false: function:yearMonthDuration-greater-than
- Case: true: function:dayTimeDuration-greater-than
- Case: false: function:dayTimeDuration-greater-than
- Case: true: function:integer-greater-than-or-equal
- Case: false: function:integer-greater-than-or-equal
- Case: true: function:decimal-greater-than-or-equal
- Case: false: function:decimal-greater-than-or-equal
- Case: true: function:string-greater-than-or-equal
- Case: false: function:string-greater-than-or-equal
- Case: true: function:date-greater-than-or-equal
- Case: false: function:date-greater-than-or-equal
- Case: true: function:time-greater-than-or-equal
- Case: false: function:time-greater-than-or-equal
- Case: true: function:datetime-greater-than-or-equal
- Case: false: function:datetime-greater-than-or-equal
- Case: true: function:yearMonthDuration-greater-than-or-equal
- Case: false: function:yearMonthDuration-greater-than-or-equal
- Case: true: function:dayTimeDuration-greater-than-or-equal
- Case: false: function:dayTimeDuration-greater-than-or-equal
- Case: true: function:string-match: literal string
- Case: true: function:string-match: regExp
- Case: false: function:string-match: literal string
- Case: false: function:string-match: regExp
- Case: true: function:and
- Case: false: function:and
- Case: true: function:or
- Case: false: function:or
- Case: true: function:ordered-or
- Case: false: function:ordered-or
- Case: true: function:n-of
- Case: false: function:n-of
- Case: true: function:not
- Case: false: function:not
- Case: true: function:present
- Case: false: function:present
- Case: true: function:subset
- Case: false: function:subset
- Case: true: function:superset
- Case: false: function:superset
- Case: true: function:non-null-set-intersection
- Case: false: function:non-null-set-intersection
- Combining Algorithms
- Case: true: DenyOverrides
- Case: false: DenyOverrides
- Case: true: PermitOverrides
- Case: false: PermitOverrides
- Designators
- Case: RuleDesignator
- Case: PolicyStatementDesignator
- Case: PolicySetStatementDesignator
- Case: PolicyStatement inside Assertion
- Case: PolicySetStatement inside Assertion
Optional Functionality Tests
- Obligations
- Multiple Decisions
- Protecting XML documents
- Case: AttributeDesignator pointing into XML document
- Case: Resource as subspace of an XML document
- Non-mandatory Functions
Durations
- Case: function:add-dayTimeDuration-to-date
- Case: function:add-yearMonthDuration-to-date
- Case: function:add-yearMonthDuration-to-dateTime
- Case: function:add-dayTimeDuration-to-dateTime
- Case: function:subtract-yearMonthDuration-from-date
- Case: function:subtract-dayTimeDuration-from-date
- Case: function:date-subtract
- Case: function:datetime-subtract
- Case: function:subtract-yearMonthDuration-from-dateTime
- Case: function:subtract-dayTimeDuration-from-dateTime
- Non-standard Combining Algorithms
Anne Anderson
Last modified: Tue Jul 23 14:55:32 EDT 2002
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Powered by eList eXpress LLC