Subject: Fwd: XACML Privacy Profile
Hi All,

I am a developer working for a research institute and I am experimenting with using XACML and MySQL databases. I am trying to implement the Privacy Profile, and I am using the JBoss XACML library, which in turn uses the Sun XACML library for its decision engine.

The question I have is very simple. I have tried to follow as closely to the standard as possible but still cannot seem to get it to work. I have attached the policy I have created as well as the associated Request and Response. Could you please take a quick look and tell me if I am doing something wrong?

Thank you very, very much for your time.

Regards,
James Mackie

<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides" Version="1.0" PolicyId="Permission:specifically:for:SWHR_Applicant:role">
  <Rule Effect="Permit" RuleId="Pemission:to:INSERT:UPDATE:DELETE:on:table:applicant_details">
    <Target>
      <Subjects>
        <Subject>
          <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">urn:prototype:role-values:SWHR_APP</AttributeValue>
            <SubjectAttributeDesignator MustBePresent="true" DataType="http://www.w3.org/2001/XMLSchema#anyURI" AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"/>
          </SubjectMatch>
        </Subject>
      </Subjects>
      <Resources>
        <Resource>
          <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">applicant_details</AttributeValue>
            <ResourceAttributeDesignator MustBePresent="true" DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>
          </ResourceMatch>
          <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">application processing</AttributeValue>
            <ResourceAttributeDesignator MustBePresent="false" DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:oasis:names:tc:xacml:2.0:resource:purpose"/>
          </ResourceMatch>
        </Resource>
      </Resources>
      <Actions>
        <Action>
          <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SELECT</AttributeValue>
            <ActionAttributeDesignator MustBePresent="true" DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
          </ActionMatch>
        </Action>
      </Actions>
    </Target>
    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:regexp-string-match">
        <ResourceAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:oasis:names:tc:xacml:2.0:resource:purpose"/>
        <ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:oasis:names:tc:xacml:2.0:action:purpose"/>
      </Apply>
    </Condition>
  </Rule>
  <Rule Effect="Deny" RuleId="DenyRule"/>
</Policy>

<Request xmlns='urn:oasis:names:tc:xacml:2.0:context:schema:os'>
  <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>mackiej</AttributeValue>
    </Attribute>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
      <AttributeValue>urn:prototype:role-values:SWHR_APP</AttributeValue>
    </Attribute>
  </Subject>
  <Resource>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>applicant_details</AttributeValue>
    </Attribute>
  </Resource>
  <Action>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>SELECT</AttributeValue>
    </Attribute>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:action:purpose" DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>application processing</AttributeValue>
    </Attribute>
  </Action>
  <Environment>
  </Environment>
</Request>

<Response xmlns='urn:oasis:names:tc:xacml:2.0:context:schema:os'>
  <Result ResourceId="applicant_details">
    <Decision>Deny</Decision>
    <Status>
      <StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
    </Status>
  </Result>
</Response>
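
An added example, not part of the original message and not code from the JBoss or Sun XACML libraries: a quick way to debug an unexpected Deny like the one above is to cross-check every attribute designator in the policy against the attributes the request supplies, per category. In XACML 2.0 a target match whose designator finds no attribute (with MustBePresent="false") evaluates to false, so the rule does not apply and the decision falls to the next rule. The helper name `missing_attributes` is hypothetical, and the two inputs are constructed, trimmed copies of the policy and request above.

```python
import xml.etree.ElementTree as ET

POL_NS = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
CTX_NS = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
XS = "http://www.w3.org/2001/XMLSchema#"
CATEGORIES = ("Subject", "Resource", "Action", "Environment")

# Constructed input: the five designators of the posted policy, with the
# surrounding Rule/Target/Match/Condition elements dropped.
POLICY = f"""<Policy xmlns="{POL_NS}">
  <SubjectAttributeDesignator DataType="{XS}anyURI" AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"/>
  <ResourceAttributeDesignator DataType="{XS}string" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>
  <ResourceAttributeDesignator DataType="{XS}string" AttributeId="urn:oasis:names:tc:xacml:2.0:resource:purpose"/>
  <ActionAttributeDesignator DataType="{XS}string" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
  <ActionAttributeDesignator DataType="{XS}string" AttributeId="urn:oasis:names:tc:xacml:2.0:action:purpose"/>
</Policy>"""

# Constructed input: the attributes of the posted request, values omitted.
REQUEST = f"""<Request xmlns="{CTX_NS}">
  <Subject>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="{XS}string"/>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="{XS}anyURI"/>
  </Subject>
  <Resource>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="{XS}string"/>
  </Resource>
  <Action>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="{XS}string"/>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:action:purpose" DataType="{XS}string"/>
  </Action>
  <Environment/>
</Request>"""

def missing_attributes(policy_xml, request_xml):
    """Return (category, AttributeId, DataType) triples the policy looks up but the request lacks."""
    supplied, wanted = set(), set()
    request, policy = ET.fromstring(request_xml), ET.fromstring(policy_xml)
    for cat in CATEGORIES:
        # Attributes the request carries in this category.
        for section in request.iter(f"{{{CTX_NS}}}{cat}"):
            for attr in section.iter(f"{{{CTX_NS}}}Attribute"):
                supplied.add((cat, attr.get("AttributeId"), attr.get("DataType")))
        # Designators the policy uses for this category (targets and conditions).
        for d in policy.iter(f"{{{POL_NS}}}{cat}AttributeDesignator"):
            wanted.add((cat, d.get("AttributeId"), d.get("DataType")))
    return sorted(wanted - supplied)

if __name__ == "__main__":
    for category, attribute_id, data_type in missing_attributes(POLICY, REQUEST):
        print(f"{category}: {attribute_id} ({data_type}) is not in the request")
```
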