OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Policy for Conformance Test IIC008 issue?

Here's the rule from the policy:

<Rule RuleId="urn:oasis:names:tc:xacml:1.0:conformance-test:IIC008:rule"  
   <Description>Any subject who is not a member of the convicted-felons  
group may perform any action on any resource.</Description>
<Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
DataType="http://www.w3.org/2001/XMLSchema#string"; />

according to a description this should deny grants to convicted felons,  
but looking at the rule it seems like it's doing excatly the oppoiste.  
This rule matches group with "felon" string, then effect is "Permit". Am I  
right or is it just Friday night? :)


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]