Re: [xacml-users] Hierarchical resources policy and request file

[Seth Proctor <Seth.Proctor@sun.com>]

Hi Dhirendra. As Argyn requested, please take SunXACML-specific  
questions to its sourceforge list. As to the general question you're  
asking:

> 	   <Condition>
> 		     <Apply FunctionId="urn:oasis:names:tc:xacml: 
> 1.0:function:anyURI-is-in">
> 		
> 			<SubjectAttributeDesignator
> 				AttributeId="subject-company"
> 				DataType="xs:anyURI"/>
> 				
> 		         <ResourceAttributeDesignator
> 				AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
> 				DataType="xs:anyURI"/>
> 		     </Apply>
> 	   </Condition>

As I have said twice before, the problem you're having is nothing to  
do with the implementation. Your policy is invalid. the *-is-in  
functions take a base type and a bag. In this case, it's the anyURI- 
is-in funcion, which takes a URI and a bag of URIs.  
AttributeDesignators always return bags, so you're passing the  
function two bags which is, as the exception says, invalid input.

Also, I don't see where you define the "xs" namespace. This means  
that you're also specifying an invalid datatype. Look in the XACML  
specification for the full namespaces and identifiers used for  
standard datatypes.


seth