[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Single request to query multiple resources withmultiple actions on each resource
On Tue, 2009-09-22 at 09:48 -0500, Andy Bailey wrote: > Ludwig, > > Thanks for the quick reply. > > Can you provide a sample request and response using <MultiRequests> > its not clear to me from the 3.0 spec how it works. Sorry MultiRequests is something else (although you could probably also achieve your goal with that). I was suggesting the method from section 2.3 in the XACML v3.0 Multiple Resource Profile. Basically what you do is you send your request with multiple resource and action (and whatever) elements Example (very simplified): Request Subject = Alice Resource = file1 (includeInResult=true) Resource = file2 (includeInResult=true) Action = read with (includeInResult=true) Action = write with (includeInResult=true) And the PDP will test every combination of {file1, file2} and {read,write} giving you an answer like this (again very simplified): Response Result = Permit Attributes Resource = file1 Action = read Result = Deny Attributes Resource = file1 Action = write Result = Permit Attributes Resource = file2 Action = read Result = Permit Attributes Resource = file2 Action = write I have attached the "real" XACML files if you want to see the whole thing. > I assume the policy doesnt change at all. > Except for the syntax. XACML 3.0 has introduced a few changes in the XAMCL syntax. Have a look at the examples in the XACML 3.0 core document to get an idea what they are. Regards, Ludwig Seitz PS: Just to set things straight: Sunxacml _does_ the Multiple Resource profile for XACML 2.0 (although I don't know if it is 100% correct). -- Ludwig Seitz, PhD | Axiomatics AB Training & Development | Electrum 223 Phone: +46 (0)760 44 22 91 | S-164 40 Kista, Sweden Mail: ludwig@axiomatics.com |
This is a digitally signed message part
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]