Subject: Single request to query multiple resources with multiple actions on each resource
Hello,

This is my first post on the mailing list and I only discovered XACML this week, so please be tolerant if I ask questions with obvious answers.

I have searched through the XACML 2.0 spec for the capabilities to do the following:

My use case is I have a user interface component with a list of resources and, for each resource, multiple actions that the user can perform. I wish to determine, in a single XACML request, which buttons should be shown to the user and which should either not be shown or be disabled.

I have got the case working for 1 action and multiple resources with xacmllight (which uses sunxacml under the covers).

Fragment of request:

    ...
    <Resource>
      <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
                 DataType="http://www.w3.org/2001/XMLSchema#anyURI">
        <AttributeValue>http://server.example.com/code/docs/developer-guide.html</AttributeValue>
      </Attribute>
    </Resource>
    <Resource>
      <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
                 DataType="http://www.w3.org/2001/XMLSchema#anyURI">
        <AttributeValue>http://server.example.com/code/docs/administrator.html</AttributeValue>
      </Attribute>
    </Resource>
    <Action>
      <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                 DataType="http://www.w3.org/2001/XMLSchema#string">
        <AttributeValue>GET</AttributeValue>
      </Attribute>
    </Action>
    <!-- the above works, but the following, which I would like to add, doesn't -->
    <Action>
      <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                 DataType="http://www.w3.org/2001/XMLSchema#string">
        <AttributeValue>DELETE</AttributeValue>
      </Attribute>
    </Action>
    ...

However, if I specify multiple actions it produces a "syntax error" SOAP message.
Is there a way to specify multiple actions and have a cartesian product result returned, i.e.:

    resource1 action1 permit
    resource2 action1 deny
    resource1 action2 deny
    resource2 action2 permit

or, even better, associate the specific actions with each resource (i.e. maybe resource2 doesn't permit action2, so there's no point querying for the permission to do so)?

I know I can do separate queries for each action and aggregate the XML documents, but that's more processing to do on the PDP and PEP. It seems like a fairly common use case, so I wonder if there is a better way to do it.

Thanks in advance

Andy Bailey
http://www.hazlorealidad.com
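
The fallback the post mentions (one query per action, results aggregated on the PEP side), sketched as an added example; it is not code from the post, xacmllight or sunxacml. It sends each action only to the resources that offer it and treats anything other than an explicit Permit as Deny. Assumptions: `evaluate` and `stub_pdp` are hypothetical stand-ins for the SOAP call to the PDP, and the PDP returns one `<Result>` per resource carrying a `ResourceId` attribute.

```python
import xml.etree.ElementTree as ET

CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
RES_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACT_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
XSD = "http://www.w3.org/2001/XMLSchema#"

def q(tag):
    return "{%s}%s" % (CTX, tag)

def add_attr(parent, attr_id, datatype, value):
    attr = ET.SubElement(parent, q("Attribute"), AttributeId=attr_id, DataType=XSD + datatype)
    ET.SubElement(attr, q("AttributeValue")).text = value

def build_request(resources, action):
    """All resources plus exactly one <Action>, the request shape that works in the post."""
    req = ET.Element(q("Request"))
    ET.SubElement(req, q("Subject"))  # subject attributes elided, as in the post's fragment
    for uri in resources:
        add_attr(ET.SubElement(req, q("Resource")), RES_ID, "anyURI", uri)
    add_attr(ET.SubElement(req, q("Action")), ACT_ID, "string", action)
    ET.SubElement(req, q("Environment"))
    return ET.tostring(req, encoding="unicode")

def decision_matrix(wanted, evaluate):
    """wanted: {resource: [actions]}; evaluate: hypothetical callable, request XML -> response XML."""
    matrix = {(r, a): "Deny" for r, acts in wanted.items() for a in acts}  # fail closed
    for action in sorted({a for acts in wanted.values() for a in acts}):
        asked = [r for r, acts in wanted.items() if action in acts]
        response = ET.fromstring(evaluate(build_request(asked, action)))
        for result in response.iter(q("Result")):
            key = (result.get("ResourceId"), action)
            # Only an explicit Permit for a pair we asked about enables a button.
            if key in matrix and result.findtext(q("Decision")) == "Permit":
                matrix[key] = "Permit"
    return matrix

def stub_pdp(request_xml, permitted):
    """Constructed stand-in for the PDP: Permit only for (resource, action) pairs in `permitted`."""
    req = ET.fromstring(request_xml)
    action = req.findtext("/".join(q(t) for t in ("Action", "Attribute", "AttributeValue")))
    resp = ET.Element(q("Response"))
    for res in req.iter(q("Resource")):
        uri = res.findtext(q("Attribute") + "/" + q("AttributeValue"))
        result = ET.SubElement(resp, q("Result"), ResourceId=uri)
        ET.SubElement(result, q("Decision")).text = "Permit" if (uri, action) in permitted else "Deny"
    return ET.tostring(resp, encoding="unicode")

if __name__ == "__main__":
    doc = "http://server.example.com/code/docs/developer-guide.html"
    print(decision_matrix({doc: ["GET", "DELETE"]}, lambda x: stub_pdp(x, {(doc, "GET")})))
```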