

Subject: Ref.: Re: [xacml-users] Problem with multi valued attributes...


Thanks a lot for this quick answer!!!
I don't understand your first solution with target...
But the second one is perfect for me: I have tested it and it works perfectly!!!!

Valérie BAUCHE
Security solutions development engineer
Bull, Architect of an Open World TM
http://www.bull.com





Seth Proctor <Seth.Proctor@sun.com>
25/04/2007 17:23

 
        To:      valerie.bauche@bull.net
        cc:      xacml-users@lists.oasis-open.org
        Subject: Re: [xacml-users] Problem with multi valued attributes...


Hi Valerie.

> I have the following xacml rule:
> [...]
> FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
>                         <SubjectAttributeDesignator
> AttributeId="urn:my-organization:security:names:subject:0.1:profil"
> DataType="http://www.w3.org/2001/XMLSchema#string"/>
> [...]
> But if my attribute "profil" has more than one value, I have the following
> context and get an indeterminate decision:

Right. The problem here is with the "one-and-only" function. When you have
only one value for your attribute, then there is one and only value, so the
string-one-and-only function returns it. When you have multiple values,
however, the string-one-and-only function returns an error, because there
is not one and only one value for your attribute.

There are two ways to handle this. First, you can encode the string matching
in a Target, which takes care of iterating through bags of values for you.
Second, you can use something like the is-in function, to see if the string
you're looking for is in the collection of values associated with your
attribute.

Does that make sense?


seth
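
The two approaches described in the reply above, written out as an added example that is not part of the original thread. It assumes XACML 2.0 syntax; the value "admin" and the policy and rule identifiers are constructed, while the attribute id is the one from the quoted rule.

```xml
<!-- Added example; XACML 2.0 syntax assumed. "admin" and the Policy/Rule ids are constructed. -->
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
        PolicyId="urn:example:policy:profil-check"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
  <Target/>

  <!-- Option 1: match in the Rule's Target. The match function is applied to
       each value in the "profil" bag; any one match satisfies the SubjectMatch. -->
  <Rule RuleId="urn:example:rule:profil-in-target" Effect="Permit">
    <Target>
      <Subjects>
        <Subject>
          <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin</AttributeValue>
            <SubjectAttributeDesignator
                AttributeId="urn:my-organization:security:names:subject:0.1:profil"
                DataType="http://www.w3.org/2001/XMLSchema#string"/>
          </SubjectMatch>
        </Subject>
      </Subjects>
    </Target>
  </Rule>

  <!-- Option 2: string-is-in in the Condition. First argument is a single
       string, second is the bag; true if the string equals any bag member.
       Wrapping the designator in string-one-and-only instead raises an error
       (Indeterminate) as soon as the bag holds more than one value. -->
  <Rule RuleId="urn:example:rule:profil-in-condition" Effect="Permit">
    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin</AttributeValue>
        <SubjectAttributeDesignator
            AttributeId="urn:my-organization:security:names:subject:0.1:profil"
            DataType="http://www.w3.org/2001/XMLSchema#string"/>
      </Apply>
    </Condition>
  </Rule>
</Policy>
```

Either rule alone is enough; both appear in one policy here only so the two forms can be compared side by side.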



