Subject: Re: [xacml-users] does XACML v2 allow multiple values' attribute
I am not sure if the XACML request CTX allows a function to be defined there. For

> Also, XACML 2.0 RBAC recommends using
> &roles;account-manager and
> &roles;department-manager, etc. rather than what you have
> there.

Can you do me the favour of providing a correct example?

Best regards
hao

--- On Fri, 1/9/09, Yoichi Takayama <yoichi@melcoe.mq.edu.au> wrote:

> From: Yoichi Takayama <yoichi@melcoe.mq.edu.au>
> Subject: Re: [xacml-users] does XACML v2 allow multiple values' attribute
> To: "hao chen" <d95776@yahoo.com>
> Cc: xacml-users@lists.oasis-open.org, oleg@gryb.info
> Date: Friday, January 9, 2009, 4:01 PM
>
> The example I can find is:
>
> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
>   <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
>   <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Paul</AttributeValue>
>   <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
>     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">John</AttributeValue>
>     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Paul</AttributeValue>
>     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">George</AttributeValue>
>     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Ringo</AttributeValue>
>   </Apply>
> </Apply>
>
> As compared with yours (below), it seems you have to put
> the two values in a function called "string-bag"
> as above. So, I think that it may not be a SunXACML engine
> error.
>
> Also, XACML 2.0 RBAC recommends using
> &roles;account-manager and
> &roles;department-manager, etc. rather than what you have
> there.
>
> <Request>
>   <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
>     <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
>                DataType="http://www.w3.org/2001/XMLSchema#anyURI">
>       <AttributeValue>account:manager:role</AttributeValue>
>       <AttributeValue>card:member:department:manager:role</AttributeValue>
>     </Attribute>
>   </Subject>
>   <Resource>
>     <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
>                DataType="http://www.w3.org/2001/XMLSchema#string">
>       <AttributeValue>AccountInformation</AttributeValue>
>     </Attribute>
>   </Resource>
>   <Action>
>     <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
>                DataType="http://www.w3.org/2001/XMLSchema#string">
>       <AttributeValue>access</AttributeValue>
>     </Attribute>
>   </Action>
> </Request>
>
> --------------------------------------------------------------------------
> Yoichi Takayama, PhD
> Senior Research Fellow
> RAMP Project
> MELCOE (Macquarie E-Learning Centre of Excellence)
> MACQUARIE UNIVERSITY
>
> Phone: +61 (0)2 9850 9073
> Fax: +61 (0)2 9850 6527
> www.mq.edu.au
> www.melcoe.mq.edu.au/projects/RAMP/
> --------------------------------------------------------------------------
> MACQUARIE UNIVERSITY: CRICOS Provider No 00002J
>
> This message is intended for the addressee named and may
> contain confidential information. If you are not the
> intended recipient, please delete it and notify the sender.
> Views expressed in this message are those of the individual
> sender, and are not necessarily the views of Macquarie
> E-Learning Centre Of Excellence (MELCOE) or Macquarie
> University.
>
> On 09/01/2009, at 1:37 PM, hao chen wrote:
>
> > Sorry, I sent you a wrong version of the request. The
> > attached should be the multi values attr.
> >
> > Best regards
> > hao
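The following is an added example, not part of the original thread and not code from SunXACML or any other XACML engine. It collects the subject role values of a request like the one quoted above into a bag and applies any-of with an equality function, mirroring the quoted Apply. The names subject_bag, any_of and has_role are hypothetical, the sample request is constructed, and its second Attribute element is an assumption added to show values spread over repeated Attribute elements ending up in one bag.

```python
import xml.etree.ElementTree as ET

ROLE_ID = "urn:oasis:names:tc:xacml:2.0:subject:role"
ANY_URI = "http://www.w3.org/2001/XMLSchema#anyURI"

# Constructed sample: the two role values from the quoted request, plus one
# made-up value carried in a second <Attribute> with the same AttributeId.
SAMPLE_REQUEST = """
<Request>
  <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
               DataType="http://www.w3.org/2001/XMLSchema#anyURI">
      <AttributeValue>account:manager:role</AttributeValue>
      <AttributeValue>card:member:department:manager:role</AttributeValue>
    </Attribute>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
               DataType="http://www.w3.org/2001/XMLSchema#anyURI">
      <AttributeValue>example:auditor:role</AttributeValue>
    </Attribute>
  </Subject>
</Request>
"""

def _local(tag):
    """Drop an XML namespace prefix such as '{urn:...}Attribute'."""
    return tag.rsplit("}", 1)[-1]

def subject_bag(request_xml, attribute_id, data_type):
    """Return every subject value matching id and data type, as a list (bag)."""
    bag = []
    for subject in ET.fromstring(request_xml).iter():
        if _local(subject.tag) != "Subject":
            continue
        for attr in subject:
            if (_local(attr.tag) == "Attribute"
                    and attr.get("AttributeId") == attribute_id
                    and attr.get("DataType") == data_type):
                bag += [(v.text or "").strip() for v in attr
                        if _local(v.tag) == "AttributeValue"]
    return bag

def any_of(equal, value, bag):
    """True if 'equal' holds between value and at least one bag member."""
    return any(equal(value, member) for member in bag)

def has_role(request_xml, role):
    # Plain string comparison stands in for anyURI-equal (assumption).
    bag = subject_bag(request_xml, ROLE_ID, ANY_URI)
    return any_of(lambda a, b: a == b, role, bag)  # an empty bag never matches
```

Asking for the same AttributeId with a different DataType, for example the XML Schema string type, yields an empty bag, so a comparison written against the wrong data type fails to match rather than granting the role.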