| From | Sent On | Attachments |
|---|---|---|
| Paul Edwards | Dec 10, 2006 7:26 pm | |
| Anne Anderson | Dec 11, 2006 3:41 am | |
| Seth Proctor | Dec 11, 2006 7:06 am | |

| Subject: | Beginner query | |
|---|---|---|
| From: | Paul Edwards (paul...@identitysolutions.co.nz) | |
| Date: | Dec 10, 2006 7:26:36 pm | |
| List: | org.oasis-open.lists.xacml-users | |

Hi,
I hope I'm mailing the correct place.
I am wanting to permit a request, provided certain attributes are present. I don't care about their value, just the fact that they are present. I cannot see any way of doing this without implementing my own match function. Is this correct or have I missed something? I believe my final policy doc would look like this:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.oasis-open.org/tc/xacml/1.0/cs-xacml-schema=policy-01.xsd"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
  <Description>Policy template for attribute checking</Description>

  <!-- This policy document applies to all requests -->
  <Target>
    <Subjects>
      <AnySubject/>
    </Subjects>
    <Resources>
      <AnyResource/>
    </Resources>
    <Actions>
      <AnyAction/>
    </Actions>
  </Target>

  <!-- Rules for attributes -->
  <Rule RuleId="EmailRule" Effect="Permit">
    <Description>Allow Email address</Description>
    <Target>
      <Subjects>
        <Subject>
          <SubjectMatch MatchId="isPresent">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string"></AttributeValue>
            <SubjectAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#anyURI"
                                        AttributeId="emailAddress"/>
          </SubjectMatch>
        </Subject>
      </Subjects>
      <Resources>
        <AnyResource/>
      </Resources>
      <Actions>
        <AnyAction/>
      </Actions>
    </Target>
  </Rule>
</Policy>
```
Thanks
P.
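
An added example, not part of the original message or of the replies in this thread: one way to express "permit when the attribute is present, whatever its value" with standard XACML 1.0 functions only, by testing the size of the attribute bag in a Condition. The PolicyId, the RuleIds and the string data type chosen for `emailAddress` are assumptions made for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. PolicyId and RuleIds are placeholders, not values from the post. -->
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
        PolicyId="urn:example:policy:attribute-presence"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
  <Description>Permit only when the subject carries an emailAddress attribute</Description>

  <!-- Applies to all requests, as in the policy above -->
  <Target>
    <Subjects><AnySubject/></Subjects>
    <Resources><AnyResource/></Resources>
    <Actions><AnyAction/></Actions>
  </Target>

  <Rule RuleId="EmailPresentRule" Effect="Permit">
    <!-- No Rule Target: the rule inherits the Policy Target. -->
    <!-- A designator with MustBePresent="false" yields an empty bag when the
         attribute is absent, so "bag size > 0" is a pure presence test.
         Assumption: emailAddress is a string attribute. For another data type,
         use the matching bag-size function (for example anyURI-bag-size). -->
    <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than">
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag-size">
        <SubjectAttributeDesignator AttributeId="emailAddress"
                                    DataType="http://www.w3.org/2001/XMLSchema#string"
                                    MustBePresent="false"/>
      </Apply>
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">0</AttributeValue>
    </Condition>
  </Rule>

  <!-- Explicit fallback: without it, a request lacking the attribute evaluates
       to NotApplicable and the outcome depends on how the PEP handles that. -->
  <Rule RuleId="DefaultDeny" Effect="Deny"/>
</Policy>
```

Under permit-overrides, a request whose subject has at least one `emailAddress` value gets Permit from the first rule; any other request falls through to the explicit Deny.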





