Subject: RE: [xacml-users] Help on ResourceConent!
Hi Roland!

Thanks for making things clear to me. BTW, I saw this entry in oasis-xacmlv1.0.pdf and would like to know what exactly they mean.

Q) The following example illustrates a request context to which the example rules may be applicable. It represents a request by the physician Julius Hibbert to read the patient date of birth in the record of Bartholomew Simpson.

XML Request:
------------
....
<ResourceContent>
  <md:record xmlns:md="//http:www.medico.com/schemas/record.xsd">
    <md:patient>
      <md:patientDoB>1992-03-21</md:patientDoB>
    </md:patient>
    <!-- other fields -->
  </md:record>
</ResourceContent>

We have to search for the DoB of the patient, right? It's enough if we have specified the xsd hyperlink. Any idea why they have specified a new patient record with a DoB entry?

Thanks a lot for your help.
Balaji Kamal Kannadassan

-----Original Message-----
From: Roland Illig [mailto:roland.illig@gmx.de]
Sent: Thursday, October 30, 2008 4:40 PM
To: Kannadassan, Balaji (AMR:8826)
Cc: xacml-users@lists.oasis-open.org
Subject: Re: [xacml-users] Help on ResourceConent!

Balaji Kannadassan wrote:
> 1. The <*AttributeDesignator> can be used for getting a named
> attribute, which looks like:
>
> <Request>
>   <Subject>
>     <Attribute AttributeId="subject-id">
>       <AttributeValue>roland</AttributeValue>
>     </Attribute>
>   </Subject>
> </Request>
>
> [Balaji] Here we are getting a request to pick a record with subject-id
> as roland.

That's correct.

> In the policy, you use the following code to retrieve the attribute
> values:
>
> <SubjectMatch MatchId="string-equal">
>   <AttributeValue>roland</AttributeValue>
>   <SubjectAttributeDesignator AttributeId="subject-id"/>
> </SubjectMatch>
>
> [Balaji] We are matching the same with "roland", so for those whose name
> matches roland this policy would be applicable, right? Please do correct
> me if I am wrong on the same.

That's also correct.

> 2. The <AttributeSelector> can be used for getting arbitrary XML data
> from the request, which can be encoded like this:
>
> <Request xmlns:h="http://example.org/html4.xsd">
>   <Resource>
>     <ResourceContent>
>       <h:html>
>         <h:head>
>           <h:title>Hello, World</h:title>
>         </h:head>
>       </h:html>
>     </ResourceContent>
>     <Attribute AttributeId="resource-id">
>       <AttributeValue>http://example.org/hello.html</AttributeValue>
>     </Attribute>
>   </Resource>
> </Request>
>
> [Balaji] We are making h point to an XML schema definition and
> defining record h with the contents, right? So what does the URL with
> hello.html have to play here?

I included it to show that the <ResourceContent> is that of a specific document. It doesn't have any other specific purpose.

> <ResourceMatch MatchId="regexp-string-match">
>   <AttributeValue>.*[Hh]ell.*</AttributeValue>
>   <AttributeSelector
>     RequestContextPath="//Request/Resource/ResourceContent/h:html/h:head/h:title/text()"/>
> </ResourceMatch>
>
> [Balaji] In here, are we saying that for those with the title value
> containing .*[Hh]ell.* this policy will be applicable?

Yes, exactly.

Roland
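
The two lookups discussed in this thread, as an added example that is not part of the original messages: a named-attribute lookup (what a `<SubjectAttributeDesignator>` does) next to a path lookup into `<ResourceContent>` (what an `<AttributeSelector>` does). The request is constructed by combining the two fragments quoted above, the function names `designator`, `selector` and `evaluate` are hypothetical, and Python's `re` stands in for the `regexp-string-match` function.

```python
import re
import xml.etree.ElementTree as ET

# Constructed request: the two request fragments from the thread, merged.
REQUEST = """\
<Request xmlns:h="http://example.org/html4.xsd">
  <Subject>
    <Attribute AttributeId="subject-id">
      <AttributeValue>roland</AttributeValue>
    </Attribute>
  </Subject>
  <Resource>
    <ResourceContent>
      <h:html><h:head><h:title>Hello, World</h:title></h:head></h:html>
    </ResourceContent>
    <Attribute AttributeId="resource-id">
      <AttributeValue>http://example.org/hello.html</AttributeValue>
    </Attribute>
  </Resource>
</Request>
"""
NS = {"h": "http://example.org/html4.xsd"}

def designator(request, category, attribute_id):
    """Bag of values of a named <Attribute>, looked up by AttributeId."""
    return [v.text for a in request.findall(f"{category}/Attribute")
            if a.get("AttributeId") == attribute_id
            for v in a.findall("AttributeValue")]

def selector(request, path):
    """Bag of text values picked out of the request XML by a path."""
    # ElementTree implements an XPath subset: the path is relative to
    # <Request> and carries no text() step (assumption of this example).
    return [e.text for e in request.findall(path, NS)]

def evaluate(request_xml):
    req = ET.fromstring(request_xml)
    subject_bag = designator(req, "Subject", "subject-id")
    title_bag = selector(req, "Resource/ResourceContent/h:html/h:head/h:title")
    pattern = re.compile(r".*[Hh]ell.*")  # pattern quoted in the thread
    return {
        # A match holds when at least one value in the bag satisfies it.
        "subject": any(v == "roland" for v in subject_bag),
        "resource": any(pattern.fullmatch(v) for v in title_bag),
    }
```

The selector only finds a title because the document itself travels inside `<ResourceContent>`; the `resource-id` attribute alone gives the path nothing to select from.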