
xacml-comment message



Subject: XACML 3.0 core spec - invalid example policy in section 4.1.1


Hello,

one of our AuthzForce users made us realize that the very first example of policy in the XACML 3.0 spec (section 4.1.1) is *not valid*:

http://docs.oasis-open.org/xacml/3.0/errata01/os/xacml-3.0-core-spec-errata01-os-complete.html#_Toc489959499

 

The RuleCombiningAlgId is *identifier:rule-combining-algorithm:deny-overrides* whereas it should be *urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides*.

 

Then I checked for other such basic yet sneaky mistakes (quite frustrating and not good-looking for newbies I guess), and noticed we are still using legacy/deprecated algorithm identifiers in examples of section 4.2.4, in particular: "urn:oasis:names:tc:xacml:*1.0*:rule-combining-algorithm:deny-overrides", instead of "urn:oasis:names:tc:xacml:*3.0*:rule-combining-algorithm:deny-overrides"; and same issue for the policy combining alg equivalent.

Is that a good thing for standard examples?

 

I only checked the Policy/RuleCombiningAlgId with my poor eyes but I guess we should pass all policy/rule examples through a proper XACML validator/engine again at some point.

For the XACML TC to consider for next version.

 

KR,

Cyril

 

[@@ OPEN @@]

 

Cyril Dangerville

Security Architect, CISSP

THALES

 

+33 (0)1 69 41 59 66

THALES, Campus Polytechnique, 1 avenue Augustin Fresnel, 91767 PALAISEAU, France

www.thalesgroup.com
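A minimal form of the check suggested in the message above, as an added example that is not part of the original post and is not AuthzForce code: it audits only the `RuleCombiningAlgId` / `PolicyCombiningAlgId` attributes and is not a schema validator. The identifier tables are taken from the XACML 3.0 standard combining-algorithm identifiers, and the sample policy set is a constructed skeleton (not schema-complete) that goes beyond the two cases in the message by also covering the policy-combining side.

```python
import re
import xml.etree.ElementTree as ET

XACML3_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
# Element -> (attribute carrying the algorithm, kind expected in the URN, id attribute)
ALG_ATTR = {"Policy": ("RuleCombiningAlgId", "rule", "PolicyId"),
            "PolicySet": ("PolicyCombiningAlgId", "policy", "PolicySetId")}
URN = re.compile(r"^urn:oasis:names:tc:xacml:(\d\.\d):(rule|policy)-combining-algorithm:([a-z-]+)$")
V3 = {"deny-overrides", "permit-overrides", "ordered-deny-overrides",
      "ordered-permit-overrides", "deny-unless-permit", "permit-unless-deny"}
# Algorithms that keep their 1.0 identifier in XACML 3.0.
V1_CURRENT = {"rule": {"first-applicable"},
              "policy": {"first-applicable", "only-one-applicable"}}
# Older identifiers superseded by a 3.0 one.
LEGACY = {("1.0", "deny-overrides"), ("1.0", "permit-overrides"),
          ("1.1", "ordered-deny-overrides"), ("1.1", "ordered-permit-overrides")}

def classify(alg_id, kind):
    """Return 'ok', 'legacy' or 'nonstandard' for a combining-algorithm id."""
    m = URN.match(alg_id)
    if not m or m.group(2) != kind:   # not a standard URN, or rule/policy mix-up
        return "nonstandard"
    version, name = m.group(1), m.group(3)
    if version == "3.0" and name in V3:
        return "ok"
    if version == "1.0" and name in V1_CURRENT[kind]:
        return "ok"
    return "legacy" if (version, name) in LEGACY else "nonstandard"

def audit(xml_text):
    """List (element id, algorithm id, status) for every Policy and PolicySet."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        ns, _, local = el.tag[1:].partition("}")
        if ns != XACML3_NS or local not in ALG_ATTR:
            continue
        attr, kind, id_attr = ALG_ATTR[local]
        alg = el.get(attr, "")
        findings.append((el.get(id_attr), alg, classify(alg, kind)))
    return findings

# Constructed sample: p1 mirrors the section 4.1.1 value, p2 the section 4.2.4 one.
SAMPLE = f"""<PolicySet xmlns="{XACML3_NS}" PolicySetId="ps"
  PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
  <Policy PolicyId="p1" RuleCombiningAlgId="identifier:rule-combining-algorithm:deny-overrides"/>
  <Policy PolicyId="p2" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides"/>
  <Policy PolicyId="p3" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides"/>
</PolicySet>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A vendor-defined combining algorithm is also reported as `nonstandard`, so that status flags an identifier for review rather than proving the policy is wrong.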

 


