OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: Fwd: [xacml-users] Single request to query multiple resourceswith multiple actions on each resource

Erik,

Sorry if the question was unclear, Ill try to ask it again in a
different way.

The question refers to the xacml 3.0 Request.xml which you sent to the
list, I am attaching it to this post in case anyone didnt receive it
before.

What would the difference in the result be if instead of the single
Attributes with access-subject Alice there were:

A1) 2 Attributes with Category access-subject each with 1 subject
attribute IncludeInResult="true"

B1) 1 Attribute with Category access-subject with 2 subject attributes
IncludeInResult="true"

A2) 2 Attributes with Category access-subject each with 1 subject
attribute IncludeInResult="false"

B2) 1 Attribute with Category access-subject with 2 subject attributes
IncludeInResult="false"


In the example you sent the following would be replaced: 

 <Attributes
Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
      <Attribute
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
IncludeInResult="false">
         <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string";>Alice</AttributeValue>
      </Attribute>
   </Attributes>

with A1)

<Attributes
Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
      <Attribute
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
IncludeInResult="true">
         <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string";>admin</AttributeValue>
      </Attribute>
   </Attributes>
<Attributes
Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
      <Attribute
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
IncludeInResult="true">
         <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string";>Administrators</AttributeValue>
      </Attribute>
   </Attributes>

with B1)

<Attributes
Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
      <Attribute
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
IncludeInResult="true">
         <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string";>admin</AttributeValue>
      </Attribute>
      <Attribute
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
IncludeInResult="true">
         <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string";>Administrators</AttributeValue>
      </Attribute>

   </Attributes>

And then the same for A2 B2 but with IncludeInResult="false"


Thanks,

Andy



On Fri, 2009-10-09 at 11:42 +0200, Erik Rissanen wrote:
> Hi,
> 
> You will get the cartesian product of the <Attributes> elements. It is 
> unclear to me from you example what of it are <Attributes> elements and 
> what are <Attribute> elements.
> 
> The IncludeInResult attribute does not affect how many results you get, 
> only which attributes are played back in the result.
> 
> Best regards,
> Erik
> 
>

Request.xml

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]