Subject: Newbie - problem with regexp-string-match condition
Hi,

I am new to the list, and am trying to learn about XACML, but I've run into a problem with some simple testing, and I hope that someone here can help.

For testing, I had originally created a simple XACML policy file containing a rule with just a simple function:and, with two attributes, i.e.: accesslevel=HIGH and location=USA.

After I got that original XACML working, then I extended it to include a function:not with a 3rd attribute, i.e.:

    (accesslevel=HIGH and (location=USA and role <> BADGUY))

I actually got that 2nd version working, but I found a problem with it, because it was giving a PERMIT when the "role" attribute was empty (""), so I thought that I'd try to use a function:regexp-string-match, using a regular expression of ^BADGUY$.

The problem is that I can't seem to get this last test to work. Here's my <Condition> with the function:regexp-string-match:

    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">HIGH</AttributeValue>
          <EnvironmentAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="accesslevel" />
        </Apply>
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
          <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">USA</AttributeValue>
            <EnvironmentAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="location" />
          </Apply>
          <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:regexp-string-match">
              <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^BADGUY$</AttributeValue>
              <EnvironmentAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="role" />
            </Apply>
          </Apply>
        </Apply>
      </Apply>
    </Condition>

Can anyone tell me what the problem might be with the above?

Thanks,
Jim
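
An added example, not part of Jim's post: a simplified Python model of the conditions described above, assuming the XACML function signatures (string-is-in takes a string and a bag, regexp-string-match takes two strings) and that an attribute designator always returns a bag. The evaluator, the `Indeterminate` mapping, the Permit rule effect and the sample requests are constructed for illustration, and Python's `re` stands in for the PDP's regex dialect.

```python
import re

class Indeterminate(Exception):
    """Stands in for a PDP type or processing error."""

def designator(request, attr_id):
    # A designator always yields a bag (a list here); absent attribute -> empty bag.
    return list(request.get(attr_id, []))

def string_is_in(value, bag):
    if not isinstance(value, str) or not isinstance(bag, list):
        raise Indeterminate("string-is-in expects (string, bag)")
    return value in bag

def regexp_string_match(pattern, value):
    # Both arguments are single strings; handing it a bag is a type error.
    if not isinstance(pattern, str) or not isinstance(value, str):
        raise Indeterminate("regexp-string-match expects (string, string)")
    return re.search(pattern, value) is not None  # Python re as a stand-in dialect

def one_and_only(bag):
    if len(bag) != 1:
        raise Indeterminate("string-one-and-only needs exactly one value")
    return bag[0]

def base(r):
    return (string_is_in("HIGH", designator(r, "accesslevel"))
            and string_is_in("USA", designator(r, "location")))

def not_is_in(r):          # negated string-is-in on role
    return base(r) and not string_is_in("BADGUY", designator(r, "role"))

def regexp_on_bag(r):      # designator passed straight to the regexp function
    return base(r) and not regexp_string_match("^BADGUY$", designator(r, "role"))

def regexp_on_string(r):   # bag reduced to a single string first
    role = one_and_only(designator(r, "role"))
    return base(r) and not regexp_string_match("^BADGUY$", role)

def decide(condition, request):
    try:
        return "Permit" if condition(request) else "NotApplicable"  # rule effect assumed Permit
    except Indeterminate:
        return "Indeterminate"

# Constructed sample requests (attribute id -> bag of values).
NO_ROLE = {"accesslevel": ["HIGH"], "location": ["USA"]}
EMPTY_ROLE = dict(NO_ROLE, role=[""])
BADGUY = dict(NO_ROLE, role=["BADGUY"])
```

With `EMPTY_ROLE`, every negated form that evaluates returns Permit, so swapping the match function does not change that outcome. `regexp_on_bag` is Indeterminate for every request because the function receives a bag where it expects a string.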