OASIS Mailing List Archives

xacml-dev message


Subject: one question regarding the use of Xpath

Dear all,

I am confused about the use of XPath in the AttributeSelector element of XACML.

Suppose I have a rule:

"A Physician is allowed to check the record of Patient X if and only if he is the primary care physician of Patient X."
Now the XPath would be:

/Physician/PhyID = PhysicianID  // I also wanted to check whether he is a valid physician or not.
/Physician/patients/patID = patientID of patient X   // for checking whether the Physician is the primary care physician of Patient X or not.

This kind of XPath is not correct, as the 2nd condition can be true for any Physician who is taking care of Patient X, in addition to the primary care Physician.
Can we introduce some context information like this?

<Apply FunctionId="function:string-equal"> 
<Apply FunctionId="function:string-one-and-only"> 
                    <SubjectAttributeDesignator AttributeID="PatientId" DataType="String"/> 
  <Apply FunctionId="String-one-and-only-with-subject"> 
<AttributeSelector RequestContextpath="/Hosptial/Physician[phyID='subjectID']/patients/patID/text()"       

Is this new function addition possible with XACML? Here subjectID represents the caller.

Maybe I am wrong in writing the XPath; if so, please help.

With best regards.
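
The difference between the two independent path checks and the subject-scoped predicate described in the message, as an added example that is not part of the original post. It assumes a constructed hospital document, uses Python's ElementTree XPath subset in place of an XACML engine, and the function names and ID format are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample document using the element names from the message.
HOSPITAL_XML = """
<Hospital>
  <Physician>
    <phyID>phy-1</phyID>
    <patients><patID>pat-X</patID><patID>pat-Y</patID></patients>
  </Physician>
  <Physician>
    <phyID>phy-2</phyID>
    <patients><patID>pat-Z</patID></patients>
  </Physician>
</Hospital>
"""

ID_RE = re.compile(r"[A-Za-z0-9_-]+")  # assumed identifier alphabet


def unscoped_permit(root, subject_id, patient_id):
    """Two independent checks: a physician exists, and the patient is listed."""
    known = any(e.text == subject_id for e in root.findall("./Physician/phyID"))
    listed = any(e.text == patient_id
                 for e in root.findall("./Physician/patients/patID"))
    return known and listed


def scoped_permit(root, subject_id, patient_id):
    """Bind the patient lookup to the calling physician with a predicate."""
    # Reject IDs outside the assumed alphabet so a crafted subject ID
    # cannot change the structure of the XPath expression.
    if not ID_RE.fullmatch(subject_id):
        return False
    path = f"./Physician[phyID='{subject_id}']/patients/patID"
    return any(e.text == patient_id for e in root.findall(path))


def demo():
    root = ET.fromstring(HOSPITAL_XML)
    return {
        "unscoped phy-2 -> pat-X": unscoped_permit(root, "phy-2", "pat-X"),
        "scoped phy-2 -> pat-X": scoped_permit(root, "phy-2", "pat-X"),
        "scoped phy-1 -> pat-X": scoped_permit(root, "phy-1", "pat-X"),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(case, "=>", "Permit" if decision else "Deny")
```

The unscoped form permits phy-2 to read pat-X because some other physician lists that patient; the scoped form denies it.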
