Ø One thing I don't understand is why I have to use a "less-than" function in the target while I used a "greater-than" in the condition.....
The order of arguments is constrained in “*Match” elements. The AttributeValue must precede the attribute designator, so you must use the appropriate comparison function.
Regards,
--Paul
From: valerie.bauche@bull.net [mailto:valerie.bauche@bull.net]
Sent: Friday, January 28, 2011 08:43
To: xacml-users@lists.oasis-open.org
Subject: [xacml-users] Réf. : Re: [xacml-users] Problem with an or function
Finally I tried to use a target like this :
<Target xmlns="urn:oasis:names:tc:xacml:1.0:policy">
<Subjects>
<Subject xmlns="urn:oasis:names:tc:xacml:1.0:policy">
<SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-less-than-or-equal" xmlns="urn:oasis:names:tc:xacml:1.0:policy">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">10</AttributeValue>
<SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:SAML:2.0:attrname-format:basic:profile1" DataType="http://www.w3.org/2001/XMLSchema#string"></SubjectAttributeDesignator>
</SubjectMatch>
</Subject>
<Subject xmlns="urn:oasis:names:tc:xacml:1.0:policy">
<SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-less-than-or-equal" xmlns="urn:oasis:names:tc:xacml:1.0:policy">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">10</AttributeValue>
<SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:SAML:2.0:attrname-format:basic:profile2" DataType="http://www.w3.org/2001/XMLSchema#string"></SubjectAttributeDesignator>
</SubjectMatch>
</Subject>
</Subjects>
<Resources><AnyResource xmlns=""></AnyResource></Resources>
<Actions><AnyAction xmlns=""></AnyAction></Actions>
</Target>
And it seems to work !
One thing I don't understand is why I have to use a "less-than" function in the target while I used a "greater-than" in the condition.....
Valérie