xacml-comment message


Subject: RE: [xacml-comment] Conformance tests



Frederic

These are the correct versions. There are intentional syntax errors in
the tests. The problem is that when converting the tests from the xacml 1.x
version, I "fixed" the errors in the XML files.

Thanks,
argyn
 

> -----Original Message-----
> From: Frederic Deleon [mailto:frederic.deleon@crf.canon.fr] 
> Sent: Friday, October 07, 2005 10:41 AM
> To: Kuketayev, Argyn (Contractor)
> Cc: xacml-comment@lists.oasis-open.org; Virginie PRIE
> Subject: Re: [xacml-comment] Conformance tests
> 
> Argyn,
> 
> Tests version we used is 0.3.
> 
> Frederic
> 
> Kuketayev, Argyn (Contractor) wrote:
> 
> >Frederic,
> >
> >
> >  
> >
> >>-----Original Message-----
> >>From: Frederic Deleon [mailto:frederic.deleon@crf.canon.fr]
> >>Sent: Friday, October 07, 2005 3:48 AM
> >>To: Kuketayev, Argyn (Contractor)
> >>Cc: xacml-comment@lists.oasis-open.org; Virginie PRIE
> >>Subject: Re: [xacml-comment] Conformance tests
> >>
> >>Hi,
> >>
> >>We passed conformance tests you defined.
> >>It was globally correct for us.
> >>    
> >>
> >
> >Which version of conformance tests are you referring to?
> >
> >The matter is that, I've found a couple of bugs in a few tests, but 
> >didn't have time to update the test suite yet.
> >
> >  
> >
> >>However, 4 files were not valid for us: IID029Policy2.xml, 
> >>IID030Policy2.xml, IIE001PolicySetId1.xml and IIE002PolicySetId1.xml.
> >>From our point of view, these files do not satisfy the XACML schema. 
> >>Indeed, they contain a Condition element with "FunctionId" 
> >>attribute and "AttributeValue" sub-element.
> >>    
> >>
> >
> >Thanks for reporting these tests. I'll look at them.
> >
> >Thanks,
> >Argyn
> >  
> >
> 
> 
<?xml version="1.0" encoding="UTF-8"?>
<Policy
      xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
        access_control-xacml-2.0-policy-schema-os.xsd"
      PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:policy"
      RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
    <Description>
        Policy for Conformance Test IIA004.
        This policy contains INTENTIONAL syntax error in SubjectAttributeDesigntor,
        AttributeIt attribute is omitted.
    </Description>
    <Target/>
    <Rule
          RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:rule"
          Effect="Permit">
        <Description>
            Julius Hibbert can read or write Bart Simpson's medical
            record: syntax for the SubjectAttributeDesignator omits
            the required AttributeId xml attribute, however.
         </Description>
        <Target>
            <Subjects>
                <Subject>
                    <SubjectMatch
                          MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue
                              DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
                        <SubjectAttributeDesignator
                              DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </SubjectMatch>
                </Subject>
            </Subjects>
            <Resources>
                <Resource>
                    <ResourceMatch
                          MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
                        <AttributeValue
                              DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
                        <ResourceAttributeDesignator
                              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
                              DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
                    </ResourceMatch>
                </Resource>
            </Resources>
            <Actions>
                <Action>
                    <ActionMatch
                          MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue
                              DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
                        <ActionAttributeDesignator
                              AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                              DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </ActionMatch>
                </Action>
                <Action>
                    <ActionMatch
                          MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue
                              DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
                        <ActionAttributeDesignator
                              AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                              DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </ActionMatch>
                </Action>
            </Actions>
        </Target>
    </Rule>
</Policy>
<?xml version="1.0" encoding="UTF-8"?>
<Policy
        xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
        access_control-xacml-2.0-policy-schema-os.xsd"
        PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA008:policy"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
    <Description>
        Policy for Conformance Test IIA008.
    </Description>
    <Target/>
    <Rule
            RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA008:rule"
            Effect="Permit">
        <Description>
            Julius Hibbert can read or write Bart Simpson's medical record.
        </Description>
        <Target>
            <Subjects>
                <Subject>
                    <SubjectMatch
                            MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue
                                DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
                        <SubjectAttributeDesignator
                                SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                                AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
                                DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </SubjectMatch>
                </Subject>
            </Subjects>
            <Resources>
                <Resource>
                    <ResourceMatch
                            MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
                        <AttributeValue
                                DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
                        <ResourceAttributeDesignator
                                AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
                                DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
                    </ResourceMatch>
                </Resource>
            </Resources>
            <Actions>
                <Action>
                    <ActionMatch
                            MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue
                                DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
                        <ActionAttributeDesignator
                                AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                                DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </ActionMatch>
                </Action>
                <Action>
                    <ActionMatch
                            MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue
                                DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
                        <ActionAttributeDesignator
                                AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                                DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </ActionMatch>
                </Action>
            </Actions>
        </Target>

        <Condition>
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
                <AttributeValue
                        DataType="http://www.w3.org/2001/XMLSchema#string">riddle me this</AttributeValue>
                <SubjectAttributeDesignator
                        SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                        AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:some-attribute"
                        MustBePresent="true"
                        DataType="http://www.w3.org/2001/XMLSchema#string"/>
            </Apply>
        </Condition>
    </Rule>
</Policy>
<?xml version="1.0" encoding="UTF-8"?>
<!-- AttributeId of action is INTENTIONALLY omitted -->
<Request
      xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
        access_control-xacml-2.0-context-schema-os.xsd">
    <Subject>
        <Attribute
              AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
              DataType="http://www.w3.org/2001/XMLSchema#string">
            <AttributeValue>Julius Hibbert</AttributeValue>
        </Attribute>
    </Subject>
    <Resource>
        <Attribute
              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
              DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <AttributeValue>http://medico.com/record/patient/BartSimpson</AttributeValue>
        </Attribute>
    </Resource>
    <Action>
        <!-- AttributeId of action is INTENTIONALLY omitted -->
        <Attribute
              DataType="http://www.w3.org/2001/XMLSchema#string">
            <AttributeValue>read</AttributeValue>
        </Attribute>
    </Action><Environment/></Request>
<?xml version="1.0" encoding="UTF-8"?>
<Policy
        xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
        access_control-xacml-2.0-policy-schema-os.xsd"
        PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIC012:policy"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
    <Description>
        Policy for Conformance Test IIC012.
    </Description>
    <Target/>
    <Rule
            RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIC012:rule"
            Effect="Permit">
        <Description>
            Non-boolean Condition. Invalid.
        </Description>
        <Condition>
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
                <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
                    <SubjectAttributeDesignator
                            AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age"
                            DataType="http://www.w3.org/2001/XMLSchema#integer"/>
                </Apply>
                <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
                    <EnvironmentAttributeDesignator
                            AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age"
                            DataType="http://www.w3.org/2001/XMLSchema#integer"/>
                </Apply>

            </Apply>
        </Condition>
    </Rule>
</Policy>
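
The three defects this thread turns on (a designator without AttributeId, a Condition in the XACML 1.x form with a FunctionId attribute, and a non-boolean Condition) can be caught when a policy is loaded, so that a PDP rejects the policy instead of evaluating it. The following is an added example, not part of the original messages or of the conformance suite; `lint_policy`, `policy`, `RETURNS` and the sample policies are hypothetical names and constructed inputs reduced from the attachments above.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:xacml:2.0:policy:schema:os}"
FN = "urn:oasis:names:tc:xacml:1.0:function:"
# Partial table: return types of the functions used in the attached tests only.
RETURNS = {FN + "string-is-in": "boolean", FN + "string-equal": "boolean",
           FN + "anyURI-equal": "boolean", FN + "integer-subtract": "integer",
           FN + "integer-one-and-only": "integer"}

def lint_policy(xml_text):
    """Return a list of findings; a non-empty list means: reject the policy."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["not well-formed: %s" % exc]
    findings = []
    for el in root.iter():
        name = el.tag.replace(NS, "")
        if name.endswith("AttributeDesignator") and "AttributeId" not in el.attrib:
            findings.append(name + " missing AttributeId")
        if name == "Condition":
            if "FunctionId" in el.attrib:  # 1.x Condition; invalid against the 2.0 schema
                findings.append("Condition carries FunctionId (XACML 1.x form)")
            for child in el:
                fn = child.get("FunctionId")
                # Unknown functions are treated as non-boolean (fail closed).
                if child.tag == NS + "Apply" and RETURNS.get(fn) != "boolean":
                    findings.append("Condition is not boolean: " + str(fn))
    return findings

# Constructed samples, reduced from the attached test policies.
STR = 'DataType="http://www.w3.org/2001/XMLSchema#string"'
def policy(body):
    return ('<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" '
            'PolicyId="p" RuleCombiningAlgId="x"><Target/>'
            '<Rule RuleId="r" Effect="Permit">' + body + '</Rule></Policy>')

MISSING_ID = policy(
    '<Target><Subjects><Subject><SubjectMatch MatchId="%sstring-equal">'
    '<AttributeValue %s>Julius Hibbert</AttributeValue>'
    '<SubjectAttributeDesignator %s/></SubjectMatch></Subject></Subjects></Target>'
    % (FN, STR, STR))
NON_BOOLEAN = policy('<Condition><Apply FunctionId="%sinteger-subtract"/></Condition>' % FN)
OLD_FORM = policy('<Condition FunctionId="%sstring-equal">'
                  '<AttributeValue %s>a</AttributeValue></Condition>' % (FN, STR))
VALID = policy('<Condition><Apply FunctionId="%sstring-is-in"/></Condition>' % FN)

if __name__ == "__main__":
    for label, doc in [("MISSING_ID", MISSING_ID), ("NON_BOOLEAN", NON_BOOLEAN),
                       ("OLD_FORM", OLD_FORM), ("VALID", VALID)]:
        print(label, lint_policy(doc))
```

This is a structural pre-check only; it does not replace validation against the XACML 2.0 policy schema.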

