OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Policy Template Profile Examples


What purpose does the target in the policy in section 1 of the Policy
Template Profile Examples serve ?


It is testing whether the policy-id XACML attribute is equal to the PolicyId
XML attribute of the containing policy.

In order for this policy to be considered in the evaluation of an authorization
request, the authorization request would have to include "urn:curtiss:ba:taa:taa-1.1"
as a value of this policy-id XACML attribute. Or in other words, the PEP has to
predict which policies are going to be evaluated to satisfy its authorization
request before it makes its request (it pretty much has to work out the answer
before it asks the question!). That's daft, so I've disregarded the targets as
a mistake. However, their continued presence may be contributing to the confusion
around the Policy Template Profile. I believe this target, and every other
target in the examples, should be wiped clean and the PolicyIdOnResource
parameter removed. Do you agree ?


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]