OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [xacml] Chapter 3 1st Example (fwd)

On 21 August, Polar Humenn writes: [xacml] Chapter 3 1st Example (fwd)
 > The first example only states one rule that says anybody with an email
 > address matching *@medico.com yields a Permit. There is no other rule.
 > It states that with the Deny-overrides combinator, a result of "Deny" is
 > returned for "bs@simpsons.com", and states the result that way. Yet, our
 > deny-overrides combining rule states that this policy should result in
 > NotApplicable.
 > Do we have an issue here?

My bad.  There are several errors in this example:

1. The MatchId should be "function:rfc822name-match"
2. The <AttributeValue of type rfc822Name" should be
   "@medico.com", not "*@medico.com"
3. There should be no newline before or after <AttributeValue>
4. Request and Response xml attributes need to include:
5. There should be no newline before or after <Decision> values.
6. The decision result is "NotApplicable", rather than "deny"
7. The paragraph describing the result should read:

   As a result, there is no Rule in this Policy that returns a
   "Permit" result for this request.  The RuleCombiningAlgorithm
   for this Policy specifies that, in this case, a result of
   "NotApplicable" should be returned.  In XACML, this response
   looks as follows:

Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC