[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Combining <AttributeMatch>'s
Hi shiv, if this is a condition that that both subjects should b present in order to perform an action then , i think the best place would b to put them in condition rather than in subject of the target i.e. means <condtion function:And> <subjectAttributedesigator attributeID = "subject1"> .................. <subjectAttributedesigator attributeID = "subject2"> </condition> This what i have understood from ur mail , may b i am wrong , if wrong plz correct me. cheers Muhammad. ----- Original Message ----- From: "Shiv Kaushal" <shiv@hep.man.ac.uk> To: <xacml-users@lists.oasis-open.org> Sent: Thursday, November 25, 2004 5:42 PM Subject: [xacml-users] Combining <AttributeMatch>'s > Hi all, > > I am new to this list and (as is likely with most newbies) I have a > question for all you XACML experts out there. Here is a quick example of > and ACL rule I have with the guts removed: > > <Rule RuleId="SomeRule" Effect="Permit"> > <Target> > <Subjects> > <Subject> > <SubjectMatch> > ...... > </SubjectMatch> > </Subject> > <Subject> > <SubjectMatch> > ...... > </SubjectMatch> > </Subject> > </Subjects> > <Actions> > <Action> > <ActionMatch> > ...... > </ActionMatch> > </Action> > <Action> > <ActionMatch> > ...... > </ActionMatch> > </Action> > </Actions> > </Target> > </Rule> > > > My question is this: > > I gather that the above rule will allow either of the subjects to perform > either of the actions (correct me if I am wrong). How would I alter this > such that the request would have to match BOTH of the <Subject> tags to > perform either of the actions(i.e. a logical AND on the two conditions)? > An example would be that it would have to be a particular user from a > particular IP address to be able to read and write to a particular > file/directory. > > Any help greatly appreciated. > > Cheers, > > Shiv > > -- > > ***************************************** > * Shiv Kaushal * > * High Energy Physics * > * Department of Physics and Astronomy * > * The University of Manchester * > * Manchester * > * M13 9PL * > * * > * Tel: 00 44 (0) 161 275 4223 * > * http://www.hep.man.ac.uk/u/shiv/ * > ***************************************** > > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]