[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-dev] Multiple Subjects in a single request
Hi Mine.
On May 23, 2005, at 10:04 PM, Mine Altunay wrote:
> [...]
> I could not find any additional info about subject-category attributes
> in
> the spec. where can I geta detailed description?
FYI, the term "attribute" here refers to XML attributes, not XACML
attributes. So...
> How can I get more information about how to define policies with
> subject
> categories and multiple subjects? Does anyone has an example? Also, a
> sample access request generated for multiple subjects would be very
> beneficial to take a look at
It's all pretty simple. Normally, you form a Request with only a single
Subject. This Subject is actually implicitly defined in a default
"subject category". When you refer to this subject using a
SubjectAttributeDesignator, again, you're using the default category.
These defaults are because the associated XML attributes have defaults.
To include attriubtes for many Subjects in your Request, you do this:
<Request>
<Subject SubjectCategory="foo:bar">
...
</Subject>
<Subject SubjectCategory="foo:baz">
...
</Subject>
...
Note that you can still use the default category here (or omit the
SubjectCategory attribute on one of the Subject elements).
Now, in the Policy, you add the same new XML attribute:
<SubjectAttributeDesignator AttributeId="..."
DataType="..."
SubjectCategory="foo:bar"/>
This says "retrive the Subject attributes from category foo:bar".
Again, you can leave off the SubjectCategory attribute to reference the
default category.
That's about all there is. Make sense?
seth
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]