[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml-comment] Test IIB025
This test appears to be designed to illustrate a subject-id mismatch between the Subject in the Context Request ('Julius Hibbert'), and that in the Policy's Rule Target ('Julius'). This would lead to a 'not applicable' Response. However, the Subject Attribute in the Context Request does not specify an Issuer, wheras the SubjectAttributeDesignator in the Rule Target does specify an Issuer. From my reading of the Attribute matching portion of the spec (section 7.9.1), this should mean that the two attributes do not match and their values therefore cannot be compared. As the PDP will thus be unable to resolve the correct subject-id attribute from the policy, the response should therefore be 'indeterminate'. Is this a correct interpretation? Cheers, Tony
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC