Subject: Re: [xacml-users] Beginner query
Paul,

The Web Services Profile for XACML (WS-XACML) has a "must-be-present" function, but since it hasn't been implemented yet, that doesn't solve your problem.

With the existing implementations, you can write a condition that will accept any value for the Attribute, e.g. (I may have the exact syntax for these expressions wrong, but you can get the idea):

    <Apply FunctionId="...:regular-expression-match">
      <AttributeValue DataType="...#string">*</AttributeValue>
      <AttributeDesignature AttributeId="X" DataType="...#string"/>
    </Apply>

    <Apply FunctionId="...:or">
      <Apply FunctionId="...:integer-greater-than-or-equal">
        <AttributeDesignature AttributeId="X" DataType="...#string"/>
        <AttributeValue DataType="...#integer">0</AttributeValue>
      </Apply>
      <Apply FunctionId="...:integer-less-than">
        <AttributeDesignature AttributeId="X" DataType="...#string"/>
        <AttributeValue DataType="...#integer">0</AttributeValue>
      </Apply>
    </Apply>

Regards,
Anne Anderson

Paul Edwards wrote:
> Hi,
>
> I hope I'm mailing the correct place.
>
> I am wanting to permit a request, provided certain attributes are
> present. I don't care about their value, just the fact that they are
> present. I cannot see any way of doing this without implementing my own
> match function. Is this correct or have I missed something? I believe my
> final policy doc would look like this:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>
>   xsi:schemaLocation="http://www.oasis-open.org/tc/xacml/1.0/cs-xacml-schema=policy-01.xsd"
>
>   RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
>
>   <Description>Policy template for attribute checking</Description>
>
>   <!-- This policy document applies to all requests -->
>   <Target>
>     <Subjects>
>       <AnySubject/>
>     </Subjects>
>     <Resources>
>       <AnyResource/>
>     </Resources>
>     <Actions>
>       <AnyAction/>
>     </Actions>
>   </Target>
>
>   <!-- Rules for attributes -->
>   <Rule RuleId="EmailRule" Effect="Permit">
>     <Description>Allow Email address</Description>
>     <Target>
>       <Subjects>
>         <Subject>
>           <ResourceMatch MatchId="isPresent">
>             <AttributeValue
>               DataType="http://www.w3.org/2001/XMLSchema#string"></AttributeValue>
>             <SubjectAttributeDesignator
>               DataType="http://www.w3.org/2001/XMLSchema#anyURI"
>               AttributeId="emailAddress"/>
>           </SubjectMatch>
>         </Subject>
>       </Subjects>
>       <Resources>
>         <AnyResource/>
>       </Resources>
>       <Actions>
>         <AnyAction/>
>       </Actions>
>     </Target>
>   </Rule>
> </Policy>
>
> Thanks
> P.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: xacml-users-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail: xacml-users-help@lists.oasis-open.org
>

--
Anne H. Anderson             Anne.Anderson@sun.com
Sun Microsystems Labs        1-781-442-0928
Burlington, MA USA
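
Added example, not part of the original messages and not code from either poster: the "accept any value" approach from the reply, written out as a complete XACML 1.0 policy for the emailAddress case in the question. Assumptions: the PolicyId, the string data type for emailAddress, the ".*" pattern, the explicit DefaultDeny rule, and the full URN of the standard regexp-string-match function (the thread abbreviates function names with "...").

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. PolicyId and the string data type of emailAddress
     are assumptions made for illustration. -->
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
        PolicyId="urn:example:policy:email-present"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
  <Description>Permit when the subject has an emailAddress attribute</Description>

  <!-- Policy applies to every request -->
  <Target>
    <Subjects><AnySubject/></Subjects>
    <Resources><AnyResource/></Resources>
    <Actions><AnyAction/></Actions>
  </Target>

  <Rule RuleId="EmailRule" Effect="Permit">
    <Description>Any emailAddress value satisfies the match</Description>
    <Target>
      <Subjects>
        <Subject>
          <!-- The match function is evaluated as
               f(AttributeValue, v) for each value v in the attribute bag.
               ".*" matches any string, including the empty string.
               If the attribute is absent the bag is empty, nothing
               matches, and this rule does not apply. -->
          <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:regexp-string-match">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">.*</AttributeValue>
            <SubjectAttributeDesignator
                AttributeId="emailAddress"
                DataType="http://www.w3.org/2001/XMLSchema#string"/>
          </SubjectMatch>
        </Subject>
      </Subjects>
      <Resources><AnyResource/></Resources>
      <Actions><AnyAction/></Actions>
    </Target>
  </Rule>

  <!-- Assumption: explicit fallback, so a request without the attribute
       gets Deny instead of NotApplicable and the outcome does not depend
       on how the enforcement point treats NotApplicable. -->
  <Rule RuleId="DefaultDeny" Effect="Deny"/>
</Policy>
```

The designator's DataType has to agree with the type the match function expects (string here), and the request context must supply emailAddress with that same data type for the bag to be non-empty.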