[xacml] Re: [xacml-comment] Test IIB025

[Polar Humenn <polar@syr.edu>]

Anne,

I believe you are correct.

-Polar

On Tue, 26 Nov 2002, Anne Anderson wrote:

> [XACML TC people - check me on this, please]
>
> On 26 November, tony wilson writes: [xacml-comment] Test IIB025
>  > This test appears to be designed to illustrate a subject-id mismatch
>  > between the Subject in the Context Request ('Julius Hibbert'), and that
>  > in the Policy's Rule Target ('Julius'). This would lead to a 'not
>  > applicable' Response.
>  > However, the Subject Attribute in the Context Request does not specify
>  > an Issuer,  wheras the
>  > SubjectAttributeDesignator in the Rule Target does specify an Issuer.
>  > From my reading of the Attribute matching portion of the spec (section
>  > 7.9.1), this should mean that the two attributes do not match and their
>  > values therefore cannot be compared. As the PDP will thus be unable to
>  > resolve the correct subject-id attribute from the policy, the response
>  > should therefore be 'indeterminate'. Is this a correct interpretation?
>
> The SubjectAttributeDesignator will "look for" a context
> attribute that matches on all the XML attributes in the
> SubjectAttributeDesignator, in this case, AttributeId, Issuer,
> and DataType.  If there is no Attribute in the context that
> matches on all of these, then the SubjectAttributeDesignator
> returns an empty bag.  Since there is no "MustBePresent" XML
> attribute in the SubjectAttributeDesignator of IIB025Policy.xml,
> the result of the <SubjectMatch is "false", not "Indeterminate",
> and the policy is "NotApplicable".
>
> Anne Anderson
> --
> Anne H. Anderson             Email: Anne.Anderson@Sun.COM
> Sun Microsystems Laboratories
> 1 Network Drive,UBUR02-311     Tel: 781/442-0928
> Burlington, MA 01803-0902 USA  Fax: 781/442-1692
>
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>
>