[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-dev] Handling repetitions of Attribute Category/Id/Issuer/DataType in XACML Request
Hi Cyril, On 9/07/2015 9:35 AM, Cyril DANGERVILLE wrote:
Hello, I have issues understanding what a conformant PDP should do in the cases described below according to the XACML Core specification. Could you please tell me what is the expected behavior? 1) If a given <Request> contains multiple <Attributes> elements with the same Category value, and the PDP does not support the Multiple Decision Profile? (Is the PDP supposed to merge them? Or consider it "unsupported functionality" (§7.19.1) and therefore return "Indeterminate"? Or?)
Merging the <Attributes> would not produce the effect that the PEP is expecting, so the safe thing to do is to return Indeterminate. Better no answer than the wrong answer.
2) If a given <Request> contains multiple <Attribute> elements with the same Category, AttributeId, DataType and Issuer (undefined or same value)? (Is the PDP supposed to merge the AttributeValues? Or consider it invalid syntax and therefore return "Indeterminate"? Or?)
The <Attribute> elements don't have a Category or DataType XML attribute. The DataType XML attribute is on the <AttributeValue> element. Overall, the specification isn't clear on whether multiple <Attribute> elements with the same AttributeId and Issuer are permitted, except for Section 7.3.3: "If a single <Attribute> element in a request context contains multiple <AttributeValue> child elements, then the bag of values resulting from evaluation of the <Attribute> element MUST be identical to the bag of values that results from evaluating a context in which each <AttributeValue> element appears in a separate <Attribute> element, each carrying identical meta-data." So it appears possible and on that basis I've implemented the attribute designator to collect the values from all <Attribute> elements that match. Regards, Steven
Thanks for your help. Regards, Cyril
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]