OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-users] Hierarchical resources policy and request file

Hi Dhirendra. As Argyn requested, please take SunXACML-specific  
questions to its sourceforge list. As to the general question you're  

> 	   <Condition>
> 		     <Apply FunctionId="urn:oasis:names:tc:xacml: 
> 1.0:function:anyURI-is-in">
> 			<SubjectAttributeDesignator
> 				AttributeId="subject-company"
> 				DataType="xs:anyURI"/>
> 		         <ResourceAttributeDesignator
> 				AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
> 				DataType="xs:anyURI"/>
> 		     </Apply>
> 	   </Condition>

As I have said twice before, the problem you're having is nothing to  
do with the implementation. Your policy is invalid. the *-is-in  
functions take a base type and a bag. In this case, it's the anyURI- 
is-in funcion, which takes a URI and a bag of URIs.  
AttributeDesignators always return bags, so you're passing the  
function two bags which is, as the exception says, invalid input.

Also, I don't see where you define the "xs" namespace. This means  
that you're also specifying an invalid datatype. Look in the XACML  
specification for the full namespaces and identifiers used for  
standard datatypes.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]