OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xacml] Re: [xacml-comment] Test IIB025


I believe you are correct.


On Tue, 26 Nov 2002, Anne Anderson wrote:

> [XACML TC people - check me on this, please]
> On 26 November, tony wilson writes: [xacml-comment] Test IIB025
>  > This test appears to be designed to illustrate a subject-id mismatch
>  > between the Subject in the Context Request ('Julius Hibbert'), and that
>  > in the Policy's Rule Target ('Julius'). This would lead to a 'not
>  > applicable' Response.
>  > However, the Subject Attribute in the Context Request does not specify
>  > an Issuer,  wheras the
>  > SubjectAttributeDesignator in the Rule Target does specify an Issuer.
>  > From my reading of the Attribute matching portion of the spec (section
>  > 7.9.1), this should mean that the two attributes do not match and their
>  > values therefore cannot be compared. As the PDP will thus be unable to
>  > resolve the correct subject-id attribute from the policy, the response
>  > should therefore be 'indeterminate'. Is this a correct interpretation?
> The SubjectAttributeDesignator will "look for" a context
> attribute that matches on all the XML attributes in the
> SubjectAttributeDesignator, in this case, AttributeId, Issuer,
> and DataType.  If there is no Attribute in the context that
> matches on all of these, then the SubjectAttributeDesignator
> returns an empty bag.  Since there is no "MustBePresent" XML
> attribute in the SubjectAttributeDesignator of IIB025Policy.xml,
> the result of the <SubjectMatch is "false", not "Indeterminate",
> and the policy is "NotApplicable".
> Anne Anderson
> --
> Anne H. Anderson             Email: Anne.Anderson@Sun.COM
> Sun Microsystems Laboratories
> 1 Network Drive,UBUR02-311     Tel: 781/442-0928
> Burlington, MA 01803-0902 USA  Fax: 781/442-1692
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC