OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: group representation and combine algorithm



I tend to represent groups as an attribute for subject. 

In the request context, all the groups that the subject is member in are
specified as group-id attributes in the subject context.


Rules that apply for groups are defined as rule for any-user with the
subject attribute of the group-id.


I want that specific rules that apply to specific user override the group
rules. I can achieve that by ordering the specific subject rules before
any-user rules and use first-applicable combining algorithm.


However I want my rules to be handled in deny-override algorithm which
contradicts the group handling algorithm.


Does anyone has idea how can I do it? Is there any other way to force
user-specific rules to override group rules?






[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]