[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml-users] Help on ResourceConent!
Hi Roland! BTW from your reply to consolidate its basically to expand the content of the records, i.e what the resource conent tag is for rt ?. Thx a lot for responding to my query. Thanks Balaji Kamal Kannadassan -----Original Message----- From: Roland Illig [mailto:roland.illig@gmx.de] Sent: Thursday, October 30, 2008 1:24 PM To: Kannadassan, Balaji (AMR:8826) Cc: xacml-users@lists.oasis-open.org Subject: Re: [xacml-users] Help on ResourceConent! Balaji Kannadassan schrieb: > Hi All! > > I am sorry if this is too basic. I am a new bee to XML/XACML. I > am trying to understand the implementation of the same from the XACML > 1.0v pdf. I came across this tag on a place where the doctor is > searching for a DOB of patient. I am baffled on whats the need of this > piece while there is another piece of code where he picks up the > subject-id user and his DOB. Whats the use of this ResourceContent ? > Please help me in understanding the same. There are two different ways of getting information from a <Request>: 1. The <*AttributeDesignator> can be used for getting a named attribute, which looks like: <Request> <Subject> <Attribute AttributeId="subject-id"> <AttributeValue>roland</AttributeValue> </Attribute> </Subject> </Request> In the policy, you use the following code to retrieve the attribute values: <SubjectMatch MatchId="string-equal"> <AttributeValue>roland</AttributeValue> <SubjectAttributeDesignator AttributeId="subject-id"/> </SubjectMatch> 2. The <AttributeSelector> can be used for getting arbitrary XML data from the request, which can be encoded like this: <Request xmlns:h="http://example.org/html4.xsd"> <Resource> <ResourceContent> <h:html> <h:head> <h:title>Hello, World</h:title> </h:head> </h:html> </ResourceContent> <Attribute AttributeId="resource-id"> <AttributeValue>http://example.org/hello.html</AttributeValue> </Attribute> </Resource> </Request> In the policy, you can use the following code: <ResourceMatch MatchId="regexp-string-match"> <AttributeValue>.*[Hh]ell.*</AttributeValue> <AttributeSelector RequestContextPath="//Request/Resource/ResourceMatch/h:html/h:head/h:tit le/text()"/> </ResourceMatch> With the <AttributeSelector>, you can embed arbitrary XML in the request context and run queries on it using XPath/XQuery. Embedding the XML document directly is often easier than retrieving (for example) the DOB and encoding it as a named attribute, especially if you don't know which fields of the medical record the policy needs for deciding. Did this clarify things a bit? Roland
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]