Subject: RE: [xacml-users] Querying policies for auditing and reporting purpose
You would need to specify quite a lot of other assumptions about how your policy is created to answer this correctly. Is "123" a subject-id attribute? Can that user have any other attributes, roles, groups, anything? It is a perfectly valid XACML with an empty target in rules and conditions based upon attribute values. Same goes for resource - is "R1" a resource id? Does it have other attributes that match can use (such as ancestors-or-self...)? And so on... I am not sure one can construct a proper query with just the information given.

Daniel;

-----Original Message-----
From: dhirendra sharma [mailto:firstname.lastname@example.org]
Sent: Monday, June 26, 2006 2:12 PM
To: email@example.com
Subject: [xacml-users] Querying policies for auditing and reporting purpose

Hi,

For auditing purpose, I need to query policy files and determine the matching users. For example, a policy applied to a user - 123 gives him Read access to resource R1. I need to be able to query the policy store with resource parameter R1 and Action parameter Read, and I should get the userId - 123 as answer.

Does anyone have a best recommended approach for this?

Thanks,
Dhirendra Sharma

This publicly archived list supports open discussion on using the XACML OASIS Standard.
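An added example, not part of the original thread: a static audit pass that answers "who can do `action` on `resource`" only where a Permit rule's target names a literal subject-id, and lists every rule whose outcome depends on other attributes, an absent Subjects section or a Condition, which is the gap the reply points out. Assumptions: XACML 2.0 element names, an abbreviated constructed sample policy (no combining algorithm, empty Condition, hypothetical `urn:example:role` attribute), and policy-level targets, Deny rules and combining algorithms are not evaluated, so the ids returned are candidates.

```python
import xml.etree.ElementTree as ET

Q = "{urn:oasis:names:tc:xacml:2.0:policy:schema:os}"  # XACML 2.0 syntax is an assumption
STR = "http://www.w3.org/2001/XMLSchema#string"
EQ = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
IDS = {k: f"urn:oasis:names:tc:xacml:1.0:{k.lower()}:{k.lower()}-id"
       for k in ("Subject", "Resource", "Action")}

def _sec(kind, value, attr=None):  # builds one target section of the constructed sample
    return (f'<{kind}s><{kind}><{kind}Match MatchId="{EQ}"><AttributeValue DataType="{STR}">'
            f'{value}</AttributeValue><{kind}AttributeDesignator DataType="{STR}" '
            f'AttributeId="{attr or IDS[kind]}"/></{kind}Match></{kind}></{kind}s>')

def _rule(rid, target, extra=""):
    return f'<Rule RuleId="{rid}" Effect="Permit"><Target>{target}</Target>{extra}</Rule>'

R1_READ = _sec("Resource", "R1") + _sec("Action", "Read")
SAMPLE = (f'<Policy xmlns="{Q[1:-1]}" PolicyId="constructed-demo"><Target/>'  # constructed
          + _rule("direct", _sec("Subject", "123") + R1_READ)
          + _rule("by-role", _sec("Subject", "auditor", "urn:example:role") + R1_READ)
          + _rule("by-condition", R1_READ, "<Condition/>")
          + _rule("other", _sec("Subject", "456") + _sec("Resource", "R2")) + "</Policy>")

def id_values(rule, kind):
    """None if section absent (matches anything); a None member marks a non-trivial match."""
    sec = rule.find(f"{Q}Target/{Q}{kind}s")
    if sec is None:
        return None
    out = set()
    for alt in sec:
        m = alt.findall(f"{Q}{kind}Match")
        d = m[0].find(f"{Q}{kind}AttributeDesignator") if len(m) == 1 else None
        simple = d is not None and (m[0].get("MatchId"), d.get("AttributeId")) == (EQ, IDS[kind])
        out.add(m[0].findtext(f"{Q}AttributeValue") if simple else None)
    return out

def who_can(policy_xml, resource, action):
    """Return (subject-ids permitted by targets alone, RuleIds needing manual review)."""
    definite, review = set(), []
    for rule in ET.fromstring(policy_xml).iter(f"{Q}Rule"):
        res, act, sub = (id_values(rule, k) for k in ("Resource", "Action", "Subject"))
        miss = [ids for ids, want in ((res, resource), (act, action))
                if ids is not None and want not in ids]
        if rule.get("Effect") != "Permit" or any(None not in ids for ids in miss):
            continue  # not a Permit rule, or its target cannot match this resource/action
        if miss or sub is None or None in sub or rule.find(f"{Q}Condition") is not None:
            review.append(rule.get("RuleId"))  # outcome depends on request-time attributes
        else:
            definite |= sub
    return definite, review
```

For the question's case, `who_can(SAMPLE, "R1", "Read")` returns user 123 as the only statically provable subject and flags the role-based and condition-based rules for review.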