[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml-comment] Test IIB025
This test appears to be designed to illustrate a subject-id mismatch
between the Subject in the Context Request ('Julius Hibbert'), and that
in the Policy's Rule Target ('Julius'). This would lead to a 'not
applicable' Response.
However, the Subject Attribute in the Context Request does not specify
an Issuer, wheras the
SubjectAttributeDesignator in the Rule Target does specify an Issuer.
From my reading of the Attribute matching portion of the spec (section
7.9.1), this should mean that the two attributes do not match and their
values therefore cannot be compared. As the PDP will thus be unable to
resolve the correct subject-id attribute from the policy, the response
should therefore be 'indeterminate'. Is this a correct interpretation?
Cheers,
Tony
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC