Subject: Re: [xacml-users] does XACML v2 allow multiple values' attribute
Hi Hao,

The syntax "&roles;[role-name]" is simply used for shortening the full URI for the role identifier. From the spec:

    <!ENTITY roles "urn:example:role-values:">

So "&roles;[role-name]" is equivalent to "urn:example:role-values:[role-name]".

Section 1.1 of the RBAC profile defines these notations. They are mainly for readability in the specification.

Regards,
Craig
---
craig forster | staff software engineer | ibm australia development labs
http://blogs.tap.ibm.com/weblogs/craigforster/

From: hao chen <d95776@yahoo.com>
To: Yoichi Takayama <yoichi@melcoe.mq.edu.au>
Cc: xacml-users@lists.oasis-open.org, oleg@gryb.info
Date: 10/01/2009 09:24
Subject: Re: [xacml-users] does XACML v2 allow multiple values' attribute

I am not sure if XACML request CTX allows to have function defined there.

For
> Also, XACML 2.0 RBAC recommends to use
> &roles;account-manager and
> &roles;department-manager, etc. than what you have
> there.

Can you do me a favour of providing a correct example?

Best Regard
hao

--- On Fri, 1/9/09, Yoichi Takayama <yoichi@melcoe.mq.edu.au> wrote:

> From: Yoichi Takayama <yoichi@melcoe.mq.edu.au>
> Subject: Re: [xacml-users] does XACML v2 allow multiple values' attribute
> To: "hao chen" <d95776@yahoo.com>
> Cc: xacml-users@lists.oasis-open.org, oleg@gryb.info
> Date: Friday, January 9, 2009, 4:01 PM
>
> The example I can find is:
>
> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
>   <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
>   <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Paul</AttributeValue>
>   <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
>     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">John</AttributeValue>
>     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Paul</AttributeValue>
>     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">George</AttributeValue>
>     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Ringo</AttributeValue>
>   </Apply>
> </Apply>
>
> As compared with yours (below), it seems you have to put
> the two values in a function called "string-bag"
> as above. So, I think that it may not be a SunXACML engine
> error.
>
> Also, XACML 2.0 RBAC recommends to use
> &roles;account-manager and
> &roles;department-manager, etc. than what you have
> there.
>
> <Request>
>   <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
>     <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
>                DataType="http://www.w3.org/2001/XMLSchema#anyURI">
>       <AttributeValue>account:manager:role</AttributeValue>
>       <AttributeValue>card:member:department:manager:role</AttributeValue>
>     </Attribute>
>   </Subject>
>   <Resource>
>     <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
>                DataType="http://www.w3.org/2001/XMLSchema#string">
>       <AttributeValue>AccountInformation</AttributeValue>
>     </Attribute>
>   </Resource>
>   <Action>
>     <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
>                DataType="http://www.w3.org/2001/XMLSchema#string">
>       <AttributeValue>access</AttributeValue>
>     </Attribute>
>   </Action>
> </Request>
>
> --------------------------------------------------------------------------
> Yoichi Takayama, PhD
> Senior Research Fellow
> RAMP Project
> MELCOE (Macquarie E-Learning Centre of Excellence)
> MACQUARIE UNIVERSITY
>
> Phone: +61 (0)2 9850 9073
> Fax: +61 (0)2 9850 6527
> www.mq.edu.au
> www.melcoe.mq.edu.au/projects/RAMP/
> --------------------------------------------------------------------------
> MACQUARIE UNIVERSITY: CRICOS Provider No 00002J
>
> This message is intended for the addressee named and may
> contain confidential information. If you are not the
> intended recipient, please delete it and notify the sender.
> Views expressed in this message are those of the individual
> sender, and are not necessarily the views of Macquarie
> E-Learning Centre Of Excellence (MELCOE) or Macquarie
> University.
>
> On 09/01/2009, at 1:37 PM, hao chen wrote:
>
> > Sorry, I sent you a wrong version of request. The
> > attached should be the multi values attr.
> >
> > Best Regard
> > hao
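
Added example, not part of the original thread and not code from any XACML engine: a simplified Python sketch of what the messages above describe, where the XML parser expands the &roles; shorthand to the full role URI, the role values of the subject form one bag, and an any-of test is applied over that bag. The request is constructed on the shape of the one quoted above; the function names (subject_bag, any_of, equal, parses_without_declaration) are hypothetical, and plain string comparison stands in for the standard equality functions.

```python
import xml.etree.ElementTree as ET

ROLE_ATTR = "urn:oasis:names:tc:xacml:2.0:subject:role"

# Constructed request, shaped like the one quoted in the thread, with the role
# values written in the &roles; shorthand and the entity declared in the DTD.
REQUEST = """<!DOCTYPE Request [<!ENTITY roles "urn:example:role-values:">]>
<Request>
  <Subject>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
               DataType="http://www.w3.org/2001/XMLSchema#anyURI">
      <AttributeValue>&roles;account-manager</AttributeValue>
      <AttributeValue>&roles;department-manager</AttributeValue>
    </Attribute>
  </Subject>
</Request>"""


def subject_bag(request_xml, attribute_id):
    """Collect every value of one subject attribute into a bag (a list)."""
    root = ET.fromstring(request_xml)  # the parser expands &roles; here
    return [
        (value.text or "").strip()
        for attr in root.findall("Subject/Attribute")
        if attr.get("AttributeId") == attribute_id
        for value in attr.findall("AttributeValue")
    ]


def any_of(predicate, value, bag):
    """Simplified any-of: true if predicate(value, item) holds for one item."""
    return any(predicate(value, item) for item in bag)


def equal(a, b):
    """Exact comparison standing in for string-equal / anyURI-equal."""
    return a == b


def parses_without_declaration():
    """The shorthand with no <!ENTITY> declaration is not well-formed XML."""
    try:
        ET.fromstring("<AttributeValue>&roles;account-manager</AttributeValue>")
        return True
    except ET.ParseError:
        return False


if __name__ == "__main__":
    bag = subject_bag(REQUEST, ROLE_ATTR)
    print(bag)
    print(any_of(equal, "urn:example:role-values:account-manager", bag))
```

A policy therefore has to match the expanded URI, never the literal "&roles;..." text, and a request that uses the shorthand without declaring the entity is rejected by the parser before any policy is evaluated.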