OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Beginners question - how to send multiple role in one request


Hi ,
 I have the following scenario but I am not able to figure out how I can create a xacml request and what will go to the policy
 
 
I have a user with roles role1, role2, role3 and accessing a resource resource1, these roles are not part of RBAC, just treat it as atrributes of subject
Number of roles can vary for different users
 
Now my question how to send all the roles in a request
Something like below: 
<Subject>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
               DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
      <AttributeValue>saurabh256@yahoo.com</AttributeValue>
    </Attribute>
    <Attribute AttributeId="roles"
               DataType="http://www.w3.org/2001/XMLSchema#string";
               Issuer="admin@users.example.com">
      <AttributeValue>role1</AttributeValue>
<AttributeValue>role2</AttributeValue>
<AttributeValue>role3</AttributeValue>
    </Attribute>
  </Subject>
 
I know that I CAN NOT provide multiple value for one attribute but I want to knowHOW TO ACHIEVE the same. I can do something like comma separated and in policy I can use regular expression  but that will make the implementation very code specific.
 
I want to send all the roles and so that at the policy side I can user any-of function.
 
Please suggest.
 
Regards
Saurabh Suman



      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]