OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Fwd: XACML Privacy Profile

Hi All,

I am a developer working for a research institute and I am
experimenting with using XACML and MySQL databases.

I am trying to impliment the Privacy Profile, and I am using the JBoss
XACML library, which in turn uses the Sun XACML library for its
decision engine.

The question I have is very simple. I have tried to follow as closely
to the standard as possible but still cannot seem to get it to work. I
have attached the policy I have created as well as the associated
Request and Response. Could you please take a quick look and tell me
if I am doing something wrong?

Thank you very, very much for your time.

Regards,
James Mackie




<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides" Version="1.0" PolicyId="Permission:specifically:for:SWHR_Applicant:role">
    <Rule Effect="Permit" RuleId="Pemission:to:INSERT:UPDATE:DELETE:on:table:applicant_details">
        <Target>
            <Subjects>
                <Subject>
                    <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>urn:prototype:role-values:SWHR_APP</AttributeValue>
                        <SubjectAttributeDesignator MustBePresent="true" DataType="http://www.w3.org/2001/XMLSchema#anyURI"; AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"/>
                    </SubjectMatch>
                </Subject>
            </Subjects>
            <Resources>
                <Resource>
                    <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>applicant_details</AttributeValue>
                        <ResourceAttributeDesignator MustBePresent="true" DataType="http://www.w3.org/2001/XMLSchema#string"; AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>
                    </ResourceMatch>
                    <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>application processing</AttributeValue>
                        <ResourceAttributeDesignator MustBePresent="false" DataType="http://www.w3.org/2001/XMLSchema#string"; AttributeId="urn:oasis:names:tc:xacml:2.0:resource:purpose"/>
                    </ResourceMatch>
                </Resource>
            </Resources>
            <Actions>
                <Action>
                    <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>SELECT</AttributeValue>
                        <ActionAttributeDesignator MustBePresent="true" DataType="http://www.w3.org/2001/XMLSchema#string"; AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
                    </ActionMatch>
                </Action>
            </Actions>
        </Target>
        <Condition>
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:regexp-string-match">
                <ResourceAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string"; AttributeId="urn:oasis:names:tc:xacml:2.0:resource:purpose"/>
                <ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string"; AttributeId="urn:oasis:names:tc:xacml:2.0:action:purpose"/>
            </Apply>
        </Condition>
    </Rule>
    <Rule Effect="Deny" RuleId="DenyRule"/>
</Policy>
<Request xmlns='urn:oasis:names:tc:xacml:2.0:context:schema:os'>
   <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
	<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string";>
		<AttributeValue>mackiej</AttributeValue>
	</Attribute>
	<Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#anyURI";>
		<AttributeValue>urn:prototype:role-values:SWHR_APP</AttributeValue>
	</Attribute>
   </Subject>
   <Resource>
	<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string";>
		<AttributeValue>applicant_details</AttributeValue>
	</Attribute>
   </Resource>
   <Action>
	<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string";>
		<AttributeValue>SELECT</AttributeValue>
	</Attribute>
	<Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:action:purpose" DataType="http://www.w3.org/2001/XMLSchema#string";>
		<AttributeValue>application processing</AttributeValue>
	</Attribute>
   </Action>
   <Environment>
   </Environment>
</Request>

<Response xmlns='urn:oasis:names:tc:xacml:2.0:context:schema:os'>
   <Result ResourceId="applicant_details">
      <Decision>Deny</Decision>
      <Status>
         <StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
      </Status>
   </Result>
</Response>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]