Subject: Re: [xacml-users] Help on ResourceConent!
Balaji Kannadassan wrote:
> Hi All!
>
> I am sorry if this is too basic. I am a newbie to XML/XACML. I am
> trying to understand the implementation of the same from the XACML 1.0v
> pdf. I came across this tag in a place where the doctor is searching for
> a DOB of patient. I am baffled on what's the need of this piece while
> there is another piece of code where he picks up the subject-id user and
> his DOB. What's the use of this ResourceContent? Please help me in
> understanding the same.

There are two different ways of getting information from a <Request>:

1. The <*AttributeDesignator> can be used for getting a named attribute,
   which looks like:

   <Request>
     <Subject>
       <Attribute AttributeId="subject-id">
         <AttributeValue>roland</AttributeValue>
       </Attribute>
     </Subject>
   </Request>

   In the policy, you use the following code to retrieve the attribute
   values:

   <SubjectMatch MatchId="string-equal">
     <AttributeValue>roland</AttributeValue>
     <SubjectAttributeDesignator AttributeId="subject-id"/>
   </SubjectMatch>

2. The <AttributeSelector> can be used for getting arbitrary XML data
   from the request, which can be encoded like this:

   <Request xmlns:h="http://example.org/html4.xsd">
     <Resource>
       <ResourceContent>
         <h:html>
           <h:head>
             <h:title>Hello, World</h:title>
           </h:head>
         </h:html>
       </ResourceContent>
       <Attribute AttributeId="resource-id">
         <AttributeValue>http://example.org/hello.html</AttributeValue>
       </Attribute>
     </Resource>
   </Request>

   In the policy, you can use the following code:

   <ResourceMatch MatchId="regexp-string-match">
     <AttributeValue>.*[Hh]ell.*</AttributeValue>
     <AttributeSelector
       RequestContextPath="//Request/Resource/ResourceContent/h:html/h:head/h:title/text()"/>
   </ResourceMatch>

With the <AttributeSelector>, you can embed arbitrary XML in the request
context and run queries on it using XPath/XQuery.

Embedding the XML document directly is often easier than retrieving (for
example) the DOB and encoding it as a named attribute, especially if you
don't know which fields of the medical record the policy needs for
deciding.

Did this clarify things a bit?

Roland
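Added example (not part of Roland's message and not code from any XACML implementation): a Python sketch of the two lookups described above, run over a constructed request that merges the message's two request fragments. The helper names designator, selector and regexp_match are hypothetical, and ElementTree's XPath subset stands in for a full XPath engine; the second path shows that a selector naming a step absent from the request yields an empty bag, so the match fails.

```python
import re
import xml.etree.ElementTree as ET

# Constructed request: the two request fragments from the message, merged.
REQUEST = """<Request xmlns:h="http://example.org/html4.xsd">
  <Subject>
    <Attribute AttributeId="subject-id">
      <AttributeValue>roland</AttributeValue>
    </Attribute>
  </Subject>
  <Resource>
    <ResourceContent>
      <h:html><h:head><h:title>Hello, World</h:title></h:head></h:html>
    </ResourceContent>
    <Attribute AttributeId="resource-id">
      <AttributeValue>http://example.org/hello.html</AttributeValue>
    </Attribute>
  </Resource>
</Request>"""
NS = {"h": "http://example.org/html4.xsd"}
ROOT = ET.fromstring(REQUEST)

def designator(root, category, attribute_id):
    """Named lookup: bag of values for one AttributeId in one category."""
    return [v.text for a in root.findall(f"./{category}/Attribute")
            if a.get("AttributeId") == attribute_id
            for v in a.findall("AttributeValue")]

def selector(root, path):
    """Path lookup: text of every element the path selects in the request."""
    # ElementTree has only an XPath subset, so re-root the path at <Request>
    # and read .text instead of evaluating the trailing text() step.
    if path.endswith("/text()"):
        path = path[:-len("/text()")]
    steps = path.lstrip("/").split("/")
    if steps[0] != root.tag:
        return []
    return [n.text for n in root.findall("./" + "/".join(steps[1:]), NS)]

def regexp_match(pattern, bag):
    """True if any value in the bag matches; an empty bag never matches."""
    return any(re.search(pattern, value or "") for value in bag)

TITLE = "//Request/Resource/ResourceContent/h:html/h:head/h:title/text()"
NO_CONTENT_STEP = "//Request/Resource/h:html/h:head/h:title/text()"  # constructed

if __name__ == "__main__":
    print(designator(ROOT, "Subject", "subject-id"))
    print(regexp_match(".*[Hh]ell.*", selector(ROOT, TITLE)))
    print(regexp_match(".*[Hh]ell.*", selector(ROOT, NO_CONTENT_STEP)))
```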