1 message in org.oasis-open.lists.xacml-usersRe: [xacml-users] Access descision fo...| From | Sent On | Attachments |
|---|---|---|
| Anne Anderson | Jul 23, 2007 12:52 pm |
| Subject: | Re: [xacml-users] Access descision for multiple resources | |
|---|---|---|
| From: | Anne Anderson (Anne...@sun.com) | |
| Date: | Jul 23, 2007 12:52:33 pm | |
| List: | org.oasis-open.lists.xacml-users | |
Giedrius,
I have not checked your syntax closely, but as far as I can tell you have the right format for a request for multiple resources. I don't know whether any of the available implementations support the Multiple Resources Profile, however.
Regards, Anne
Giedrius Trumpickas wrote:
Hi,
I have a need to sent XACML authz request for multiple resources. In my case resources are product types and action for resources is "isLicenced" XACML request for a single resource looks like this:
<?xml version="1.0" encoding="UTF-8"?> <Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd
"> <Subject> <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"> <AttributeValue>bs...@simpsons.com</AttributeValue> </Attribute> </Subject> <Resource> <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>ProductTypeA</AttributeValue> </Attribute> </Resource> <Action> <!-- Action on resource is isLicenced --> <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>isLicensed</AttributeValue> </Attribute> </Action> <Environment/> </Request>
I'm assuming that for multiple resources request should looks something like this?:
<?xml version="1.0" encoding="UTF-8"?> <Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd
"> <Subject> <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"> <AttributeValue>bs...@simpsons.com</AttributeValue> </Attribute> </Subject> <Resource> <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>ProductTypeA</AttributeValue> </Attribute> </Resource> <Resource> <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>ProductTypeC</AttributeValue> </Attribute> </Resource> <Action> <!-- Action on resource is isLicenced --> <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string"> <AttributeValue>isLicensed</AttributeValue> </Attribute> </Action> <Environment/> </Request>
Thanks, Giedrius