[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] does XACML v2 allow multiple values' attribute<-- It works now
I found the reason why the decision was "NotApplicable" - in your policy set with ID 'PPS:account:manager:role' you had spaces around 'AccountInformation': <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string"> AccountInformation </AttributeValue> I've changed it to: <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">AccountInformation</AttributeValue> After that I ran the same request again and got decision 'Permit'. I think this is what you've expected... <?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><urn:Response xmlns:urn="urn:oasis:names:tc:xacml:2.0:context:schema:os"><urn:Result ResourceId="AccountInformation"><urn:Decision>Permit</urn:Decision><urn:Status><urn:StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/></urn:Status></urn:Result></urn:Response></soapenv:Body></soapenv:Envelope> --- On Fri, 1/9/09, Oleg Gryb <oleg_gryb@yahoo.com> wrote: > From: Oleg Gryb <oleg_gryb@yahoo.com> > Subject: Re: [xacml-users] does XACML v2 allow multiple values' attribute > To: xacml-users@lists.oasis-open.org, "hao chen" <d95776@yahoo.com> > Date: Friday, January 9, 2009, 6:42 PM > I've checked your example with XACMLight and it > didn't through the error, but Decision was > "NotApplicable". Is it what you've expected > for the given request? > > If not, I can investigate it further. I had to change the > following errors in your request and in policies to make > them compliant with OASIS XSD: > > 1. Added namespaces to both policies and to request > 2. Added a required <Environment/> element to Request > > I've also created a config file for XACMLight and > converted the Request to a SOAP message (both are attached). > > Response: > <?xml version='1.0' > encoding='UTF-8'?><soapenv:Envelope > xmlns:soapenv="http://sc > hemas.xmlsoap.org/soap/envelope/"><soapenv:Body><urn:Response > xmlns:urn="urn:oas > is:names:tc:xacml:2.0:context:schema:os"><urn:Result > ResourceId="AccountInformat > ion"><urn:Decision>NotApplicable</urn:Decision><urn:Status><urn:StatusCode > Value > ="urn:oasis:names:tc:xacml:1.0:status:ok"/></urn:Status></urn:Result></urn:Respo > nse></soapenv:Body></soapenv:Envelope> > > > --- On Fri, 1/9/09, hao chen <d95776@yahoo.com> wrote > > From: hao chen <d95776@yahoo.com> > > Subject: Re: [xacml-users] does XACML v2 allow > multiple values' attribute > > To: xacml-users@lists.oasis-open.org, oleg@gryb.info > > Date: Friday, January 9, 2009, 4:37 PM > > Sorry, I sent you a wrong version of request. The > attached > > should be the multi values attr. > > > > Best Regard > > hao > > > > --- On Fri, 1/9/09, Oleg Gryb > <oleg_gryb@yahoo.com> > > wrote: > > > > > From: Oleg Gryb <oleg_gryb@yahoo.com> > > > Subject: Re: [xacml-users] does XACML v2 allow > > multiple values' attribute > > > To: xacml-users@lists.oasis-open.org, "hao > > chen" <d95776@yahoo.com> > > > Date: Friday, January 9, 2009, 3:31 PM > > > OK, thanks, I'll try it later today and let > you > > know > > > about the results. > > > > > > > > > --- On Fri, 1/9/09, hao chen > <d95776@yahoo.com> > > > wrote: > > > > > > > From: hao chen <d95776@yahoo.com> > > > > Subject: Re: [xacml-users] does XACML v2 > allow > > > multiple values' attribute > > > > To: xacml-users@lists.oasis-open.org, > > oleg@gryb.info > > > > Date: Friday, January 9, 2009, 4:28 PM > > > > The attached are the policies and request I > am > > using: > > > > > > > > > > > > Best Regard > > > > > > > > > > > > --- On Fri, 1/9/09, Oleg Gryb > > > <oleg_gryb@yahoo.com> > > > > wrote: > > > > > > > > > From: Oleg Gryb > <oleg_gryb@yahoo.com> > > > > > Subject: Re: [xacml-users] does XACML > v2 > > allow > > > > multiple values' attribute > > > > > To: xacml-users@lists.oasis-open.org, > > > d95776@yahoo.com > > > > > Date: Friday, January 9, 2009, 2:48 PM > > > > > ... if you send your Policy to me, I > can try > > it > > > with > > > > > XACMLight. Request seems to be correct > from > > XSD > > > point > > > > of > > > > > view. > > > > > > > > > > > > > > > --- On Fri, 1/9/09, hao chen > > > <d95776@yahoo.com> > > > > > wrote: > > > > > > > > > > > From: hao chen > <d95776@yahoo.com> > > > > > > Subject: [xacml-users] does XACML > v2 > > allow > > > > multiple > > > > > values' attribute > > > > > > To: > xacml-users@lists.oasis-open.org > > > > > > Date: Friday, January 9, 2009, > 3:38 PM > > > > > > Hi, > > > > > > > > > > > > I use sun xacml implementation. > When I > > use > > > > multiple > > > > > > values' attribute, I got the > > following > > > error: > > > > > > Exception in thread > "main" > > > > > > com.sun.xacml.ParsingException: > Too > > many > > > values > > > > in > > > > > Attribute > > > > > > > > > > > > The request is as > > > > > > <Request> > > > > > > <Subject > > > > > > > > > > > > > > > > > > > > > SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> > > > > > > <Attribute > > > > > > > > > > > > > > > > > > > > > AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" > > > > > > > > > > > > > > > > > > > > > DataType="http://www.w3.org/2001/XMLSchema#anyURI"> > > > > > > > > > > > > > > > > > > > > > > > > > > > <AttributeValue>account:manager:role</AttributeValue> > > > > > > > > > > > > > > > > > > > > > > > > > > > <AttributeValue>card:member:department:manager:role</AttributeValue> > > > > > > </Attribute> > > > > > > </Subject> > > > > > > <Resource> > > > > > > <Attribute > > > > > > > > > > > > > > > > > > > > > AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" > > > > > > > > > > > > > > > > > > > > > DataType="http://www.w3.org/2001/XMLSchema#string"> > > > > > > > > > > > > > > > > > > > > > > > > > > > <AttributeValue>AccountInformation</AttributeValue> > > > > > > </Attribute> > > > > > > </Resource> > > > > > > <Action> > > > > > > <Attribute > > > > > > > > > > > > > > > > > > > > > AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" > > > > > > > > > > > > > > > > > > > > > DataType="http://www.w3.org/2001/XMLSchema#string"> > > > > > > > > > > > > > > > <AttributeValue>access</AttributeValue> > > > > > > </Attribute> > > > > > > </Action> > > > > > > </Request> > > > > > > > > > > > > The sun's java doc says only > one > > value > > > is > > > > allowed > > > > > for a > > > > > > attribute. > > > > > > > > > > > > hao > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > To unsubscribe, e-mail: > > > > > > > > xacml-users-unsubscribe@lists.oasis-open.org > > > > > > For additional commands, e-mail: > > > > > > > xacml-users-help@lists.oasis-open.org > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: > > > > xacml-users-unsubscribe@lists.oasis-open.org > > > > For additional commands, e-mail: > > > > xacml-users-help@lists.oasis-open.org > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > > xacml-users-unsubscribe@lists.oasis-open.org > > For additional commands, e-mail: > > xacml-users-help@lists.oasis-open.org
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]