OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-dev] Multiple Subjects in a single request

Hi Mine.

On May 23, 2005, at 10:04 PM, Mine Altunay wrote:
> [...]
> I could not find any additional info about subject-category attributes 
> in
> the spec. where can I geta detailed description?

FYI, the term "attribute" here refers to XML attributes, not XACML 
attributes. So...

> How can I get more information about how to define policies with 
> subject
> categories and multiple subjects? Does anyone has an example? Also, a
> sample access request generated for multiple subjects would be very
> beneficial to take a look at

It's all pretty simple. Normally, you form a Request with only a single 
Subject. This Subject is actually implicitly defined in a default 
"subject category". When you refer to this subject using a 
SubjectAttributeDesignator, again, you're using the default category. 
These defaults are because the associated XML attributes have defaults.

To include attriubtes for many Subjects in your Request, you do this:

     <Subject SubjectCategory="foo:bar">
     <Subject SubjectCategory="foo:baz">
Note that you can still use the default category here (or omit the 
SubjectCategory attribute on one of the Subject elements).

Now, in the Policy, you add the same new XML attribute:

   <SubjectAttributeDesignator AttributeId="..."

This says "retrive the Subject attributes from category foo:bar". 
Again, you can leave off the SubjectCategory attribute to reference the 
default category.

That's about all there is. Make sense?


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]