Re: [xacml-dev] Resource Matching in XACML

[Fatih Turkmen <fatih.turkmen@dit.unitn.it>]

In my scneario, I will have lots of resources, lots of users and lots of
different conditions. So especially ResourceMatching and SubjectMatching
are important. I tried by removing the second rule from the policy but
still the problem persists. I checked so many times if there is a
semantic error but couldn't find anything in this easy policy. I think
the rule is matched properly (with the request), but the matching
between the resource (policy target) and the rule can't be done somehow.
Do you have any other suggestions?

Thanks in advance. 

-- 
Fatih TURKMEN
dit.unitn.it/~turkmen

On Tue, 2007-06-05 at 10:23 -0400, Seth Proctor wrote:
> > My problem is whenever I send a request (request file, request1.xml,
> > attached in my e-mail) to the policy (policy file, policy1.xml, attached
> > in the e-mail), I keep getting Not Applicable. I guess that this problem
> > is related with Resource Matching because if I remove ResourceMatch tags
> > and put AnyResource there, then the policy evaluation works (I get
> > Permit). But in this way, my policy is useless for me. So my question
> > is, is there a mistake in my policy or request that I miss?
>  
> Ah, ok. Your problem is that you have two Rules, and both only apply to File1.
> So, while the Policy may apply to your Request, none of Rules does, and so
> the final decision is NotApplicable. I don't know what you're trying to
> express, but maybe you want to remove the Resource match on the second Rule,
> or change which resource-ids its matching?
> 
> 
> seth

policy1.xml

request2.xml