
Subject: Re: [xacml-comment] Test IIB025

[XACML TC people - check me on this, please]

On 26 November, tony wilson writes: [xacml-comment] Test IIB025
 > This test appears to be designed to illustrate a subject-id mismatch
 > between the Subject in the Context Request ('Julius Hibbert'), and that
 > in the Policy's Rule Target ('Julius'). This would lead to a 'not
 > applicable' Response. 
 > However, the Subject Attribute in the Context Request does not specify
 > an Issuer, whereas the SubjectAttributeDesignator in the Rule Target
 > does specify an Issuer.
 > From my reading of the Attribute matching portion of the spec (section
 > 7.9.1), this should mean that the two attributes do not match and their
 > values therefore cannot be compared. As the PDP will thus be unable to
 > resolve the correct subject-id attribute from the policy, the response
 > should therefore be 'indeterminate'. Is this a correct interpretation?

The SubjectAttributeDesignator will "look for" a context
attribute that matches on all the XML attributes in the
SubjectAttributeDesignator, in this case, AttributeId, Issuer,
and DataType.  If there is no Attribute in the context that
matches on all of these, then the SubjectAttributeDesignator
returns an empty bag.  Since there is no "MustBePresent" XML
attribute in the SubjectAttributeDesignator of IIB025Policy.xml,
the result of the <SubjectMatch> is "false", not "Indeterminate",
and the policy is "NotApplicable".

Anne Anderson
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
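
The designator lookup described in the reply above, as an added Python example (not part of the original message and not taken from any XACML implementation). The class and function names are hypothetical and the issuer value `issuer.example` is a placeholder, since the message does not quote the test's Issuer. The Indeterminate result for MustBePresent="true" and the rule that a designator without an Issuer matches on AttributeId and DataType alone come from the XACML specification, not from the message.

```python
from dataclasses import dataclass
from typing import List, Optional

SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"

@dataclass
class Attribute:                      # an <Attribute> in the request context
    attribute_id: str
    data_type: str
    value: str
    issuer: Optional[str] = None      # None = no Issuer XML attribute

@dataclass
class Designator:                     # a SubjectAttributeDesignator in the policy
    attribute_id: str
    data_type: str
    issuer: Optional[str] = None
    must_be_present: bool = False     # XML attribute absent means false

class Indeterminate(Exception):
    """A required attribute could not be found in the context."""

def resolve(d: Designator, context: List[Attribute]) -> List[str]:
    """Return the bag of values whose AttributeId, DataType and (when the
    designator names one) Issuer all match. No match gives an empty bag."""
    bag = [a.value for a in context
           if a.attribute_id == d.attribute_id
           and a.data_type == d.data_type
           and (d.issuer is None or a.issuer == d.issuer)]
    if not bag and d.must_be_present:
        raise Indeterminate(d.attribute_id)
    return bag

def subject_match(d: Designator, literal: str, context: List[Attribute]) -> bool:
    """String-equal match: true if any value in the bag equals the literal.
    An empty bag therefore yields false, not an error."""
    return any(v == literal for v in resolve(d, context))

def evaluate_target(d: Designator, literal: str, context: List[Attribute]) -> str:
    try:
        return "Applicable" if subject_match(d, literal, context) else "NotApplicable"
    except Indeterminate:
        return "Indeterminate"

# Constructed request modelled on the message: subject-id with no Issuer.
REQUEST = [Attribute(SUBJECT_ID, XS_STRING, "Julius Hibbert")]
# Constructed policy designator: same id and type, but with an Issuer.
POLICY = Designator(SUBJECT_ID, XS_STRING, issuer="issuer.example")
```
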
