Subject: Re: [xacml] What if multiple values found?
Hi Rich, The Request Context is a "notional view" of all Attributes that the PDP should take into account in evaluating its policies. The XACML specification does not specify how that Request Context will be populated, nor what policies are used in deciding which Attribute values to make available. Those are implementation and deployment dependent. It is up to the implementation of the Context Handler and the local policies on how that Context Handler will be used to determine the sources of Attributes. A Request Context supplied by a PEP is not necessarily what the PDP will use, and typically will be used to seed the Request Context used for evaluation. It is up to the local Context Handler implementation and policies as to whether an external source will be queried if the Request Context seeded from the PEP's input already contains one or more values for a given Attribute. Anne Rich Salz wrote: > A couple of detailed questions; if it's better for me to ask on > the xacml-dev list, let me know. > > 1. What do you do if the Request context specifies a value for an > attribute, but the SAML repository or whatever external source you are > using also has a value for that attribute? > > 2. Is that the same thing you do if multiple external sources provide > values for that attribute? > > Thanks. > > /r$ > -- Anne H. Anderson Anne.Anderson@sun.com Sun Microsystems Labs 1-781-442-0928 Burlington, MA USA