Subject: Re: [xacml] string-equal and bags
On May 11, 2005, at 11:57 AM, Rich Salz wrote:
> Test IIC003Policy.xml has this fragment:
> <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
>   <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">convicted-felon</AttributeValue>
>   <SubjectAttributeDesignator
>       AttributeId="urn:oasis:names:tc:xacml:1.0:conformance-test:group"
>       DataType="http://www.w3.org/2001/XMLSchema#string"/>
> </Condition>
>
> But SubjectAttributeDesignator returns a bag of strings and
> string-equal doesn't work on bags.
>
> Is the test wrong, or are we missing something?

You and Polar are both right that this is invalid. From the "special
instructions" for test case IIC003:

"Special Instructions for Test Case II.C.3
The policy for this test contains a static type error.
If an initial policy with static type errors MAY EVER be evaluated
by the implementation's XACML PDP at the time a Request is
received, then this test MUST be passed. In this case, the
result MUST be consistent with the supplied IIC003Response.xml
file: it returns a Decision of Indeterminate with a StatusCode
value of "urn:oasis:names:tc:xacml:1.0:status:processing-error".
If the implementation's XACML PDP CAN NEVER attempt to evaluate
an initial policy with static type errors at the time a Request
is received, then the implementation MUST demonstrate that the
policy in IIA003Policy.xml will be rejected by whatever entity is
responsible for validating policy syntax in the system in which
the XACML PDP will be used. In this case, the supplied Request
and Response files are not relevant and may be ignored."

This test is supposed to fail. You need to read the documentation on
the tests, because there are others designed this way too. In this case,
the test is specifically catching the fact that you can't implicitly
take the bag and turn it into a single string value.

seth
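
As an added illustration (not part of the original message, the conformance suite, or any PDP's code): a minimal static type check of the kind a policy validator could run to reject the IIC003 fragment before evaluation. The names `SIGNATURES`, `type_of` and `check_condition`, the two-entry function table, and the `FIXED` variant are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET

FN = "urn:oasis:names:tc:xacml:1.0:function:"
XS = "http://www.w3.org/2001/XMLSchema#"
STRING, BOOLEAN = XS + "string", XS + "boolean"

# FunctionId -> (parameter types, return type); ("bag", T) denotes a bag of T.
# Only the two XACML 1.0 functions needed here; a real checker covers them all.
SIGNATURES = {
    FN + "string-equal": ([STRING, STRING], BOOLEAN),
    FN + "string-one-and-only": ([("bag", STRING)], STRING),
}

class StaticTypeError(Exception):
    pass

def type_of(elem):
    """Infer the static type of an expression element, raising on a mismatch."""
    name = elem.tag.rsplit("}", 1)[-1]          # ignore any XML namespace
    if name == "AttributeValue":
        return elem.get("DataType")
    if name.endswith("AttributeDesignator"):    # designators always yield a bag
        return ("bag", elem.get("DataType"))
    if name in ("Condition", "Apply"):
        fid = elem.get("FunctionId")
        if fid not in SIGNATURES:
            raise StaticTypeError(f"function not in table: {fid}")
        params, result = SIGNATURES[fid]
        args = [type_of(child) for child in elem]
        if args != params:                      # no implicit bag -> scalar conversion
            short = fid.rsplit(":", 1)[-1]
            raise StaticTypeError(f"{short}: expected {params}, got {args}")
        return result
    raise StaticTypeError(f"unexpected element <{name}>")

def check_condition(xml_text):
    """Return None if the Condition is well typed, else the error text."""
    try:
        if type_of(ET.fromstring(xml_text)) != BOOLEAN:
            return "Condition must evaluate to boolean"
    except StaticTypeError as err:
        return str(err)
    return None

DESIGNATOR = ('<SubjectAttributeDesignator DataType="%s" '
              'AttributeId="urn:oasis:names:tc:xacml:1.0:conformance-test:group"/>' % STRING)
VALUE = '<AttributeValue DataType="%s">convicted-felon</AttributeValue>' % STRING
# The fragment quoted from IIC003Policy.xml: a bag passed where a string is required.
IIC003 = '<Condition FunctionId="%sstring-equal">%s%s</Condition>' % (FN, VALUE, DESIGNATOR)
# Constructed well-typed variant (not from the test suite): reduce the bag first.
FIXED = ('<Condition FunctionId="%sstring-equal">%s<Apply FunctionId="%sstring-one-and-only">'
         '%s</Apply></Condition>' % (FN, VALUE, FN, DESIGNATOR))
```

A PDP that evaluates unvalidated policies would map a non-`None` result to Indeterminate with the processing-error status code quoted in the special instructions; a system that validates up front would refuse to load the policy.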