OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [xacml-users] Sample with matching attributes of subj and resource


On 29 September, Kuketayev, Argyn writes: RE: [xacml-users] Sample with matching attributes of subj and resource
 > Nope, this one doesn't work. Condition element should come with
 > FunctionId, according to my schema.

My example was for XACML 2.0.  In XACML 2.0, the Condition
element does not have a FunctionId: it contains an expression
that must be Boolean.

 > I guess it should be something like "isTrue"

For XACML 1.0/1.1, use function Id
urn:oasis:names:tc:xacml:1.0:function:boolean-equal
and remove the <Apply ...> and </Apply> tags.

Anne

 > Argyn
 > 
 > > -----Original Message-----
 > > From: Anne Anderson [mailto:Anne.Anderson@Sun.COM] 
 > > Sent: Wednesday, September 29, 2004 11:52 AM
 > > To: Kuketayev, Argyn
 > > Cc: xacml-users@lists.oasis-open.org
 > > Subject: Re: [xacml-users] Sample with matching attributes of 
 > > subj and resource
 > > 
 > > 
 > > <Rule RuleId="example" Effect="Permit">
 > >   <Condition>
 > >     <Apply 
 > > FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
 > >       <SubjectAttributeDesignator
 > >            
 > > AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
 > >            DataType="http://www.w3.org/2001/XMLSchema#string"/>
 > >       <ResourceAttributeDesignator
 > >            AttributeId="urn:argyn:resource:resource-owner"
 > >            DataType="http://www.w3.org/2001/XMLSchema#string"/>
 > >     </Apply>
 > >   </Condition>
 > > </Rule>
 > > 
 > > Anne
 > > 
 > > On 29 September, Kuketayev, Argyn writes: [xacml-users] 
 > > Sample with matching attributes of subj and resource  > From: 
 > > "Kuketayev, Argyn" <argyn_kuketayev@fanniemae.com>  > To: 
 > > xacml-users@lists.oasis-open.org  > Subject: [xacml-users] 
 > > Sample with matching attributes of subj and resource  > Date: 
 > > Wed, 29 Sep 2004 11:22:50 -0400  > 
 > >  >  Is there an example of matching attributes of subject and 
 > > resource?  >  
 > >  >  I want to permit certain ops on resource, if resource's 
 > >  >  ownerId matches username of subject.
 > >  >  
 > >  >  Thanks,
 > >  >  Argyn
 > >  >  
 > > 
 > > -- 
 > > Anne H. Anderson             Email: Anne.Anderson@Sun.COM
 > > Sun Microsystems Laboratories
 > > 1 Network Drive,UBUR02-311     Tel: 781/442-0928
 > > Burlington, MA 01803-0902 USA  Fax: 781/442-1692
 > > 
 > > 

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]