[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Re: [xacml-comment] Test IIB025
Anne, I believe you are correct. -Polar On Tue, 26 Nov 2002, Anne Anderson wrote: > [XACML TC people - check me on this, please] > > On 26 November, tony wilson writes: [xacml-comment] Test IIB025 > > This test appears to be designed to illustrate a subject-id mismatch > > between the Subject in the Context Request ('Julius Hibbert'), and that > > in the Policy's Rule Target ('Julius'). This would lead to a 'not > > applicable' Response. > > However, the Subject Attribute in the Context Request does not specify > > an Issuer, wheras the > > SubjectAttributeDesignator in the Rule Target does specify an Issuer. > > From my reading of the Attribute matching portion of the spec (section > > 7.9.1), this should mean that the two attributes do not match and their > > values therefore cannot be compared. As the PDP will thus be unable to > > resolve the correct subject-id attribute from the policy, the response > > should therefore be 'indeterminate'. Is this a correct interpretation? > > The SubjectAttributeDesignator will "look for" a context > attribute that matches on all the XML attributes in the > SubjectAttributeDesignator, in this case, AttributeId, Issuer, > and DataType. If there is no Attribute in the context that > matches on all of these, then the SubjectAttributeDesignator > returns an empty bag. Since there is no "MustBePresent" XML > attribute in the SubjectAttributeDesignator of IIB025Policy.xml, > the result of the <SubjectMatch is "false", not "Indeterminate", > and the policy is "NotApplicable". > > Anne Anderson > -- > Anne H. Anderson Email: Anne.Anderson@Sun.COM > Sun Microsystems Laboratories > 1 Network Drive,UBUR02-311 Tel: 781/442-0928 > Burlington, MA 01803-0902 USA Fax: 781/442-1692 > > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC