[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml-comment] Multiple decision result of type xpathExpression
> From: Steven Legg > Sent: Tuesday, August 27, 2013 9:36 PM > > You can test whether a node is an Amount < 200 in a policy with an expression like the following: > > <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of"> > <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-less-than"/> > <AttributeSelector > Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" > ContextSelectorId="urn:oasis:names:tc:xacml:3.0:content-selector" > Path="self::Amount/child::text()" > DataType="http://www.w3.org/2001/XMLSchema#integer" > MustBePresent="false"/> > <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">200</AttributeValue> > </Apply> > > The AttributeSelector applies the Path to the node identified by the "content-selector" > attribute value resulting in a text() node that it turns into an XACML integer value. This goes a long way towards my goal. It works well when the element to test is a primitive type and the value of interest is its text value. I'm still confused what to do when the element to test is a complex type. For example, how can I accept an element called public knowing it is a complex type and has no significant text value? Let's say I'm satisfied to write the condition in XPath, how can the boolean returned by XPath be used by the Match element? self::public does not work because the AttributeSelector will try to compute the text value of the public node. More generally, let's say I want to compute a value in XPath and make that the String value of the AttributeSelector? Maybe I'm going in the wrong direction, but my first intuition was to compute the node name of the element selected by (//*)[I] and test it in XACML, but I can't find how to do that.