[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xspa] Jericho RSA and XSPA PDPs
yes Dilli Dorai wrote: > Dunae, > Is this request constructed with OpenSSO client api? > Thanks. > -Dilli > > On 02/23/09 12:22, Brian McClung wrote: >> Duane, >> >> The last request that came through doesn't properly define the >> xacml-context namespace. Here's what we received: >> >> <soapenv:Envelope >> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" >> xmlns:urn="urn:oasis:names:tc:SAML:2.0:protocol" >> xmlns:urn1="urn:oasis:names:tc:SAML:2.0:assertion" >> xmlns:xd="http://www.w3.org/2000/09/xmldsig#" >> xmlns:xe="http://www.w3.org/2001/04/xmlenc#"> >> <soapenv:Header/> >> <soapenv:Body> >> <xacml-context:Request> >> <xacml-context:Subject >> SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> >> >> <xacml-context:Attribute >> AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" >> DataType="http://www.w3.org/2001/XMLSchema#string" > >> <AttributeValue>Doctor,Bob</AttributeValue> >> </xacml-context:Attribute> >> <xacml-context:Attribute >> AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:role" >> DataType="http://www.w3.org/2001/XMLSchema#string" > >> <AttributeValue>physician</AttributeValue> >> </xacml-context:Attribute> >> <xacml-context:Attribute >> AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission" >> DataType="http://www.w3.org/2001/XMLSchema#string" > >> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue> >> >> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue> >> >> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue> >> >> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue> >> >> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue> >> >> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue> >> >> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue> >> >> </xacml-context:Attribute> >> <xacml-context:Attribute >> AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality" >> DataType="http://www.w3.org/2001/XMLSchema#string" > >> <AttributeValue>Healthcare Domain A</AttributeValue> >> </xacml-context:Attribute> </xacml-context:Subject> >> <xacml-context:Resource> <xacml-context:Attribute >> AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type" >> DataType="http://www.w3.org/2001/XMLSchema#string" > >> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue> >> >> </xacml-context:Attribute> >> <xacml-context:Attribute >> AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission" >> DataType="http://www.w3.org/2001/XMLSchema#string" > >> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue> >> >> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue> >> >> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue> >> >> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue> >> >> </xacml-context:Attribute> >> <xacml-context:Attribute >> AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code" >> >> >> DataType="http://www.w3.org/2001/XMLSchema#string" > >> <AttributeValue>MA</AttributeValue> >> </xacml-context:Attribute> >> <xacml-context:Attribute >> AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:medications:dissented-subject-id" >> >> >> DataType="http://www.w3.org/2001/XMLSchema#string" > >> <AttributeValue>Doctor, Bob I</AttributeValue> >> </xacml-context:Attribute> </xacml-context:Resource> >> <xacml-context:Action> <xacml-context:Attribute >> AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" >> DataType="http://www.w3.org/2001/XMLSchema#string" > >> <AttributeValue>read</AttributeValue> >> </xacml-context:Attribute> >> </xacml-context:Action> >> <xacml-context:Environment> >> <xacml-context:Attribute >> AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality" >> DataType="http://www.w3.org/2001/XMLSchema#string" > >> <AttributeValue>Healthcare Domain A</AttributeValue> >> </xacml-context:Attribute> </xacml-context:Environment> >> </xacml-context:Request> >> >> </soapenv:Body> >> </soapenv:Envelope> >> >> Brian McClung >> >> Senior Software Engineer >> Jericho Systems Corporation >> Toll Free: 877-231-2200 >> Local: 972-231-2000 >> Fax: 972-234-1100 >> >> http://www.jerichosystems.com <blocked::http://www.jerichosystems.com/> >> >> */EnterSpace Technology: Decisioning Defined^TM /*// >> >> *The information contained in this e-mail and all attachments >> transmitted with it is the Confidential and Proprietary information of >> Jericho Systems Corporation. If the reader of this message is not the >> intended recipient, or an employee or agent responsible for delivering >> this message to the intended recipient, you are hereby notified that any >> dissemination, distribution, copying, or other use of this message or >> its attachments is strictly prohibited. If you have received this >> message in error, please notify the sender immediately by replying to >> this message and please delete it from your computer.* >> >> >> >> Duane DeCouteau wrote: >> >>> After reconfiguring client to ../XACMLRSA8Service (RSA XACML Policies) >>> client is returning "Permit". As expected the XSPA Service Provider >>> .../XACMLService PDP continues to throw an parsing exception which I >>> am looking at. >>> >>> Duane >>> >>> Request: Mon Feb 23 11:57:49 PST 2009 >>> <xacml-context:Request> >>> <xacml-context:Subject >>> SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> >>> >>> >>> <xacml-context:Attribute >>> AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" >>> DataType="http://www.w3.org/2001/XMLSchema#string" > >>> <AttributeValue>Doctor,Bob</AttributeValue> >>> </xacml-context:Attribute> >>> <xacml-context:Attribute >>> AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:role" >>> DataType="http://www.w3.org/2001/XMLSchema#string" > >>> <AttributeValue>physician</AttributeValue> >>> </xacml-context:Attribute> >>> <xacml-context:Attribute >>> AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission" >>> DataType="http://www.w3.org/2001/XMLSchema#string" > >>> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue> >>> >>> >>> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue> >>> >>> >>> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue> >>> >>> >>> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue> >>> >>> >>> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue> >>> >>> >>> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue> >>> >>> >>> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue> >>> >>> >>> </xacml-context:Attribute> >>> <xacml-context:Attribute >>> AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality" >>> DataType="http://www.w3.org/2001/XMLSchema#string" > >>> <AttributeValue>Healthcare Domain A</AttributeValue> >>> </xacml-context:Attribute> >>> </xacml-context:Subject> >>> <xacml-context:Resource> >>> <xacml-context:Attribute >>> AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type" >>> DataType="http://www.w3.org/2001/XMLSchema#string" > >>> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue> >>> >>> >>> </xacml-context:Attribute> >>> <xacml-context:Attribute >>> AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission" >>> DataType="http://www.w3.org/2001/XMLSchema#string" > >>> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue> >>> >>> >>> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue> >>> >>> >>> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue> >>> >>> >>> <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue> >>> >>> >>> </xacml-context:Attribute> >>> <xacml-context:Attribute >>> AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code" >>> >>> DataType="http://www.w3.org/2001/XMLSchema#string" > >>> <AttributeValue>MA</AttributeValue> >>> </xacml-context:Attribute> >>> <xacml-context:Attribute >>> AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:medications:dissented-subject-id" >>> >>> DataType="http://www.w3.org/2001/XMLSchema#string" > >>> <AttributeValue>Doctor, Bob I</AttributeValue> >>> </xacml-context:Attribute> >>> </xacml-context:Resource> >>> <xacml-context:Action> >>> <xacml-context:Attribute >>> AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" >>> DataType="http://www.w3.org/2001/XMLSchema#string" > >>> <AttributeValue>read</AttributeValue> >>> </xacml-context:Attribute> >>> </xacml-context:Action> >>> <xacml-context:Environment> >>> <xacml-context:Attribute >>> AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality" >>> DataType="http://www.w3.org/2001/XMLSchema#string" > >>> <AttributeValue>Healthcare Domain A</AttributeValue> >>> </xacml-context:Attribute> >>> </xacml-context:Environment> >>> </xacml-context:Request> >>> >>> Response: Mon Feb 23 11:57:50 PST 2009 >>> <xacml-context:Result ResourceId=""> >>> <xacml-context:Decision>Permit</xacml-context:Decision> >>> <xacml-context:Status> >>> <xacml-context:StatusCode >>> Value="urn:oasis:names:tc:xacml:1.0:status:ok"></xacml-context:StatusCode> >>> >>> >>> </xacml-context:Status> >>> </xacml-context:Result> >>> >>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe from this mail list, you must leave the OASIS TC that >>> generates this mail. Follow this link to all your TCs in OASIS at: >>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php >>> > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]