Subject: Re: [xacml-users] does XACML v2 allow multiple values' attribute
Hi Yoichi,

The example you've quoted with the "string-bag" function is from a policy, not a request. As stated in other emails, XACML v2.0 allows multiple values for attributes in requests.

Regards,
Craig

---
craig forster | staff software engineer | ibm australia development labs
http://blogs.tap.ibm.com/weblogs/craigforster/

From: Yoichi Takayama <yoichi@melcoe.mq.edu.au>
To: hao chen <d95776@yahoo.com>
Cc: xacml-users@lists.oasis-open.org, oleg@gryb.info
Date: 10/01/2009 08:02
Subject: Re: [xacml-users] does XACML v2 allow multiple values' attribute

The example I can find is:

    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
      <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
      <AttributeValue
          DataType="http://www.w3.org/2001/XMLSchema#string">Paul</AttributeValue>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
        <AttributeValue
            DataType="http://www.w3.org/2001/XMLSchema#string">John</AttributeValue>
        <AttributeValue
            DataType="http://www.w3.org/2001/XMLSchema#string">Paul</AttributeValue>
        <AttributeValue
            DataType="http://www.w3.org/2001/XMLSchema#string">George</AttributeValue>
        <AttributeValue
            DataType="http://www.w3.org/2001/XMLSchema#string">Ringo</AttributeValue>
      </Apply>
    </Apply>

As compared with yours (below), it seems you have to put the two values in a function called "string-bag" as above. So, I think that it may not be a SunXACML engine error.

Also, XACML 2.0 RBAC recommends using &roles;account-manager and &roles;department-manager, etc., rather than what you have there.

    <Request>
      <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
        <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
                   DataType="http://www.w3.org/2001/XMLSchema#anyURI">
          <AttributeValue>account:manager:role</AttributeValue>
          <AttributeValue>card:member:department:manager:role</AttributeValue>
        </Attribute>
      </Subject>
      <Resource>
        <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
                   DataType="http://www.w3.org/2001/XMLSchema#string">
          <AttributeValue>AccountInformation</AttributeValue>
        </Attribute>
      </Resource>
      <Action>
        <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                   DataType="http://www.w3.org/2001/XMLSchema#string">
          <AttributeValue>access</AttributeValue>
        </Attribute>
      </Action>
    </Request>

--------------------------------------------------------------------------
Yoichi Takayama, PhD
Senior Research Fellow
RAMP Project
MELCOE (Macquarie E-Learning Centre of Excellence)
MACQUARIE UNIVERSITY

Phone: +61 (0)2 9850 9073
Fax: +61 (0)2 9850 6527
www.mq.edu.au
www.melcoe.mq.edu.au/projects/RAMP/
--------------------------------------------------------------------------
MACQUARIE UNIVERSITY: CRICOS Provider No 00002J

This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of Macquarie E-Learning Centre Of Excellence (MELCOE) or Macquarie University.

On 09/01/2009, at 1:37 PM, hao chen wrote:

Sorry, I sent you a wrong version of request. The attached should be the multi values attr.

Best Regard
hao
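
The policy-versus-request distinction discussed in this thread, as an added example that is not part of the original messages or of any XACML engine: a request carries several AttributeValue children under one Attribute, the evaluator collects them into a bag, and a policy-side any-of then tests a literal against that bag. The function names (local, attribute_bags, equal, any_of) are hypothetical, and the sample is constructed from the Subject of the request quoted above.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

ROLE_ID = "urn:oasis:names:tc:xacml:2.0:subject:role"
ANY_URI = "http://www.w3.org/2001/XMLSchema#anyURI"

# Constructed sample: the Subject of the request quoted in the thread.
SAMPLE_REQUEST = f"""\
<Request>
  <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
    <Attribute AttributeId="{ROLE_ID}" DataType="{ANY_URI}">
      <AttributeValue>account:manager:role</AttributeValue>
      <AttributeValue>card:member:department:manager:role</AttributeValue>
    </Attribute>
  </Subject>
</Request>
"""

def local(tag):
    """Drop a namespace prefix such as '{urn:...}Attribute' from a tag name."""
    return tag.rsplit("}", 1)[-1]

def attribute_bags(request_xml):
    """Return {(section, AttributeId, DataType): [values]} for a request context."""
    bags = defaultdict(list)
    for section in ET.fromstring(request_xml):
        for attr in section:
            if local(attr.tag) != "Attribute":
                continue
            key = (local(section.tag), attr.get("AttributeId", "").strip(),
                   attr.get("DataType", "").strip())
            # Every <AttributeValue> child joins the bag; a repeated <Attribute>
            # with the same id and data type extends that same bag.
            bags[key].extend((v.text or "").strip() for v in attr
                             if local(v.tag) == "AttributeValue")
    return dict(bags)

def equal(a, b):
    """Stand-in for the type-specific equality functions (string-equal etc.)."""
    return a == b

def any_of(fn, value, bag):
    """Higher-order any-of: true if fn(value, member) holds for any bag member."""
    return any(fn(value, member) for member in bag)

if __name__ == "__main__":
    roles = attribute_bags(SAMPLE_REQUEST)[("Subject", ROLE_ID, ANY_URI)]
    print(roles, any_of(equal, "card:member:department:manager:role", roles))
```

An evaluator that kept only the first AttributeValue would never match the second role here, which is the failure a multi-valued request is meant to expose.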