OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml-users] XACML Samples

> -----Original Message-----
> From: Mahdi Mankai [mailto:manm08@uqo.ca] 
> Sent: Tuesday, October 12, 2004 4:01 PM
> To: xacml-users@lists.oasis-open.org
> Subject: Re: [xacml-users] XACML Samples


> Example: if a rule allow me to access to a resource and 
> another one deny me. Combining algorithms resolve this kind 
> of problems but it could be a 
> source of conflict with unsuitable access rights.

I'm addressing this problem with "unit tests". I write lots of tests to
check that rights are granted properly.

For example, there's a set of tests for Module1 resources which should
all grant access. I call them "normal scenarios". Basically, my code
asks to execute different actions on different resources on behalf of a
subject, which should be granted these rights.

Then there's "exception scenarios", where "improper subject" asks the
same rights. In this case the requests must be denied. 

Whenever there's any change in policies, all these tests must be
executed successfully. I don't there's a better way to achieve your



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]