[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: How to build a PDP request of a subject with multiple roles
Hi, I am using XACML to conduct role based access control (RBAC profile of XACML v2). I have a subject who has more than one roles such as Account Manager role and Customer Rep role. I try to submit a PDP request to ask if the subject can do account update. The resource is account; the action is update. Actually, the Account Manager role is allowed to do the account update; but Customer Rep role is not. How could I build the PDP request in XACML for a subject with more than one role. Is the following right? <Request> <Subject> <Attribute AttributeId=”&subject;role-id” DataType=”&xml;anyURI”> <AttributeValue>Account Manager</AttributeValue> </Attribute> <Attribute AttributeId=”&subject;role-id” DataType=”&xml;anyURI”> <AttributeValue>Customer Rep</AttributeValue> </Attribute> </Subject> <Resource> <Attribute AttributeId=”&resource;resource-id;” DataType=”&xml;anyURI”> <AttributeValue>account</AttributeValue> </Attribute> </Resource> <Action> <Attribute AttributeId=”&action;action-id” DataType="&xml;anyURI">update</AttributeValue> </Attribute> </Action> </Request> Or I should use 2 subjects? thanks hao
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]