xacml-users message


Subject: Re: [xacml-users] does XACML v2 allow multiple values' attribute


Hi Hao,

The syntax "&roles;[role-name]" is simply used for shortening the full URI
for the role identifier.  From the spec:

      <!ENTITY roles "urn:example:role-values:">

So "&roles;[role-name]" is equivalent to
"urn:example:role-values:[role-name]".

Section 1.1 of the RBAC profile defines these notations.  They are mainly
for readability in the specification.

Regards,
Craig

---
craig forster | staff software engineer | ibm australia development labs
http://blogs.tap.ibm.com/weblogs/craigforster/


                                                                                                                                 
From: hao chen <d95776@yahoo.com>
To: Yoichi Takayama <yoichi@melcoe.mq.edu.au>
Cc: xacml-users@lists.oasis-open.org, oleg@gryb.info
Date: 10/01/2009 09:24
Subject: Re: [xacml-users] does XACML v2 allow multiple values' attribute
                                                                                                                                 





I am not sure if XACML request CTX allows to have function defined there.

For
> Also, XACML 2.0 RBAC recommends to use
> &roles;account-manager and
> &roles;department-manager, etc. than what you have
> there.

Can you do me a favour of providing a correct example?

Best Regard
hao
--- On Fri, 1/9/09, Yoichi Takayama <yoichi@melcoe.mq.edu.au> wrote:

> From: Yoichi Takayama <yoichi@melcoe.mq.edu.au>
> Subject: Re: [xacml-users] does XACML v2 allow multiple values' attribute
> To: "hao chen" <d95776@yahoo.com>
> Cc: xacml-users@lists.oasis-open.org, oleg@gryb.info
> Date: Friday, January 9, 2009, 4:01 PM
> The example I can find is:
>
> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
>   <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
>   <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Paul</AttributeValue>
>   <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
>     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">John</AttributeValue>
>     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Paul</AttributeValue>
>     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">George</AttributeValue>
>     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Ringo</AttributeValue>
>   </Apply>
> </Apply>
>
>
> As compared with yours (below), it seems you have to put
> the two values in a function called "string-bag"
> as above. So, I think that it may not be a SunXACML engine
> error.
>
> Also, XACML 2.0 RBAC recommends to use
> &roles;account-manager and
> &roles;department-manager, etc. than what you have
> there.
>
>
> <Request>
>   <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
>     <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
>                DataType="http://www.w3.org/2001/XMLSchema#anyURI">
>       <AttributeValue>account:manager:role</AttributeValue>
>       <AttributeValue>card:member:department:manager:role</AttributeValue>
>     </Attribute>
>   </Subject>
>   <Resource>
>     <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
>                DataType="http://www.w3.org/2001/XMLSchema#string">
>       <AttributeValue>AccountInformation</AttributeValue>
>     </Attribute>
>   </Resource>
>   <Action>
>     <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
>                DataType="http://www.w3.org/2001/XMLSchema#string">
>       <AttributeValue>access</AttributeValue>
>     </Attribute>
>   </Action>
> </Request>
>
> --------------------------------------------------------------------------
> Yoichi Takayama, PhD
> Senior Research Fellow
> RAMP Project
> MELCOE (Macquarie E-Learning Centre of Excellence)
> MACQUARIE UNIVERSITY
>
> Phone: +61 (0)2 9850 9073
> Fax: +61 (0)2 9850 6527
> www.mq.edu.au
> www.melcoe.mq.edu.au/projects/RAMP/
>
> --------------------------------------------------------------------------
> MACQUARIE UNIVERSITY: CRICOS Provider No 00002J
>
> This message is intended for the addressee named and may
> contain confidential information.  If you are not the
> intended recipient, please delete it and notify the sender.
> Views expressed in this message are those of the individual
> sender, and are not necessarily the views of Macquarie
> E-Learning Centre Of Excellence (MELCOE) or Macquarie
> University.
>
> On 09/01/2009, at 1:37 PM, hao chen wrote:
>
> > Sorry, I sent you a wrong version of request. The attached should be the multi values attr.
> >
> > Best Regard
> > hao
> >
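
The entity shorthand discussed at the top of this message, as an added example (not code from the thread or from the RBAC profile): a constructed request carrying two role values is parsed once with the `roles` entity declared and once without it, and the resulting bag is checked the way `any-of` applies an equality function. The helper names and the omission of the request namespace (as in the request quoted above) are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

ROLE_ATTR = "urn:oasis:names:tc:xacml:2.0:subject:role"

# Constructed request, modelled on the one quoted in this thread. The DOCTYPE
# declares the same entity the RBAC profile uses for its shorthand.
REQUEST_WITH_ENTITY = """<!DOCTYPE Request [
  <!ENTITY roles "urn:example:role-values:">
]>
<Request>
  <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
               DataType="http://www.w3.org/2001/XMLSchema#anyURI">
      <AttributeValue>&roles;account-manager</AttributeValue>
      <AttributeValue>&roles;department-manager</AttributeValue>
    </Attribute>
  </Subject>
</Request>"""

# Same request with the DOCTYPE removed: "&roles;" is now an undefined entity.
REQUEST_WITHOUT_ENTITY = REQUEST_WITH_ENTITY.split("]>", 1)[1].lstrip()

def role_bag(request_xml):
    """Return the subject's role values as a list (the attribute's bag)."""
    root = ET.fromstring(request_xml)
    bag = []
    for attr in root.iter("Attribute"):
        if attr.get("AttributeId") == ROLE_ATTR:
            bag.extend(v.text.strip() for v in attr.iter("AttributeValue"))
    return bag

def any_of_equal(value, bag):
    """any-of with an equality function: true if value equals any bag member."""
    return any(value == member for member in bag)

def parses(request_xml):
    """True if the document is well-formed for this parser."""
    try:
        ET.fromstring(request_xml)
        return True
    except ET.ParseError:
        return False

if __name__ == "__main__":
    bag = role_bag(REQUEST_WITH_ENTITY)
    print(bag, any_of_equal("urn:example:role-values:account-manager", bag))
    print("parses without the entity declaration:", parses(REQUEST_WITHOUT_ENTITY))
```

The shorthand resolves only because the document declares the entity; a parser configured to reject DTDs, a common XXE hardening, will not accept it, so a request sent to a PDP should carry the full URIs.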



