[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Good Point on Target
One of my students just brought up a point that I think may need clarification. Because of the comment that if a target in a rule is missing the target of the rule is "inherited" from the target in the enclosing policy. He seems to think that if the Target of a Policy just states the resource and action, but wanted the subjects to be different in each rule. Since you can only "inherit" the target if it is empty, he would either have to replicate the resource and action in every target along with each subject. He doesn't think he could specify the resource in the target of the policy and specify the subject along with <AnyResoruce/> and <AnyAction/> in the target of the rules. He is perplexed because, he is under the impression that <AnySubject/> <AnyResource> and <AnyAction> actually override the enclosing target in the policy. This interpretation, of course, is wrong if we are going to make any sense of the whole kit-and-kabootle. Is anybody else under this same impression? AnySubject, AnyResource, AnyAction actually mean "inherit" from the enclosing Policy or PolicySet. -Polar
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC