OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml-users] Querying polciies for auditing and reporting purpose

You would need to specify quite a lot of other assumptions about how
your policy is created to answer this correctly.

Is "123" a subject-id attribute?  Can that user have any other
attributes, roles, groups, anything?   It is a perfectly valid XACML
with an empty target in rules and conditions based upon attribute

Same goes for resource - is "R1" a resource id?  Does it have other
attributes that match can use (such as ancestors-or-self..)

And so on...

I am not sure one can construct a proper query with just the information


-----Original Message-----
From: dhirendra sharma [mailto:dhirendra_sh@yahoo.com] 
Sent: Monday, June 26, 2006 2:12 PM
To: xacml-users@lists.oasis-open.org
Subject: [xacml-users] Querying polciies for auditing and reporting

Hi ,

  For auditing purpose, I need to query policy files
and determine the matching users.

For example,
	A policy applied to a user - 123 gives him Read
access to resource R1.

  I need to able to query the polciy store with 
resource parameter R1 and Action parameter Read and I
should get the userId -123 as answer

Does anyone has best recommended approach for this ?

Dhirendra Sharma

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

This publicly archived list supports open discussion on using the 
XACML OASIS Standard. To minimize spam in the archives, you 
must subscribe before posting.

[Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/
Alternately, using email: list-[un]subscribe@lists.oasis-open.org
List archives: http://lists.oasis-open.org/archives/xacml-users/
Committee homepage: http://www.oasis-open.org/committees/xacml/
List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
Join OASIS: http://www.oasis-open.org/join/

Notice:  This email message, together with any attachments, may contain
information  of  BEA Systems,  Inc.,  its subsidiaries  and  affiliated
entities,  that may be confidential,  proprietary,  copyrighted  and/or
legally privileged, and is intended solely for the use of the individual
or entity named in this message. If you are not the intended recipient,
and have received this message in error, please immediately return this
by email and then delete it.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]