OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-dev] Resource Matching in XACML

In my scneario, I will have lots of resources, lots of users and lots of
different conditions. So especially ResourceMatching and SubjectMatching
are important. I tried by removing the second rule from the policy but
still the problem persists. I checked so many times if there is a
semantic error but couldn't find anything in this easy policy. I think
the rule is matched properly (with the request), but the matching
between the resource (policy target) and the rule can't be done somehow.
Do you have any other suggestions?

Thanks in advance. 


On Tue, 2007-06-05 at 10:23 -0400, Seth Proctor wrote:
> > My problem is whenever I send a request (request file, request1.xml,
> > attached in my e-mail) to the policy (policy file, policy1.xml, attached
> > in the e-mail), I keep getting Not Applicable. I guess that this problem
> > is related with Resource Matching because if I remove ResourceMatch tags
> > and put AnyResource there, then the policy evaluation works (I get
> > Permit). But in this way, my policy is useless for me. So my question
> > is, is there a mistake in my policy or request that I miss?
> Ah, ok. Your problem is that you have two Rules, and both only apply to File1.
> So, while the Policy may apply to your Request, none of Rules does, and so
> the final decision is NotApplicable. I don't know what you're trying to
> express, but maybe you want to remove the Resource match on the second Rule,
> or change which resource-ids its matching?
> seth



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]