OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-dev] use of xpath in XACML policy file

On Sun, 2004-10-10 at 03:55, Muhammad Masoom Alam wrote:
> I have a question regarding the use of Xpath
> [...]
> Now i want to implement an access control condition on this XML file by the
> rule that "A Patient can check his/her own medical record if he/she is the
> designated patient and his/her contact city should be Innsbruck"
> [...]
> dont u all think  that both of them will be selected becaz one condition
> will be true for the 2nd record and 2nd condtion will be true for either
> record, so is there is any other means to specify Xpath condition for the
> same XML record.

Yes, this is a problem. In effect, what you need is a way to bind to a
particular node in the tree. You want something like "for each entry
starting at this level, are the following conditions true." The problem
is that XACML doesn't give you this kind of functionality.

The easiest approach I can think of is to write a function that returns
the full paths resolved for a given XPath query and an expected value.
Then you could see which strings from the separate queries overlapped.
You could also look for which paths matched one requirement, write a
function to pull out the sub-path, and then concatinate the remaining
requirement and try the query. Either way, not very clean.

Sorry, wish I could be more helpful.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]