OASIS eXtensible Access Control Markup Language (XACML) TC


[xacml] [schema] One too many OR levels in Target Subject?


    Posted 08-02-2002 18:42
    I think we MAY have defined one too many levels of OR in our Target
    Subject syntax. I believe the following example matches any Request
    in which

      1. at least one Subject has AttrA == A AND AttrB == B and AttrC == C
      2. OR at least one Subject has AttrE == E
      3. OR at least one Subject has AttrD == D

    But 1. and 2. are not at the same level as 3.

    <Target>
      <Subjects>
        <Subject>
          <SubjectMatch MatchId="string-match">
            <SubjectAttributeDesignator AttributeId="AttrA" DataType="xs:string">
              <SubjectMatch MatchId="string-match">
                <SubjectAttributeDesignator AttributeId="AttrB" DataType="xs:string">
                  <SubjectMatch MatchId="string-match">
                    <SubjectAttributeDesignator AttributeId="AttrC" DataType="xs:string">
                      <AttributeValue DataType="xs:string"> valueC </AttributeValue>
                    </SubjectAttributeDesignator>
                  </SubjectMatch>
                  <AttributeValue DataType="xs:string"> valueB </AttributeValue>
                </SubjectAttributeDesignator>
              </SubjectMatch>
              <AttributeValue DataType="xs:string"> valueA </AttributeValue>
            </SubjectAttributeDesignator>
          </SubjectMatch>
          <SubjectMatch MatchId="string-match">
            <SubjectAttributeDesignator AttributeId="AttrE" DataType="xs:string">
              <AttributeValue DataType="xs:string"> valueE </AttributeValue>
            </SubjectAttributeDesignator>
          </SubjectMatch>
        </Subject>
        <Subject>
          <SubjectMatch MatchId="string-match">
            <SubjectAttributeDesignator AttributeId="AttrD" DataType="xs:string">
              <AttributeValue DataType="xs:string"> valueD </AttributeValue>
            </SubjectAttributeDesignator>
          </SubjectMatch>
        </Subject>
      </Subjects>
      <Resources>
        <AnyResource/>
      </Resources>
      <Actions>
        <AnyAction/>
      </Actions>
    </Target>

    --
    Anne H. Anderson               Email: Anne.Anderson@Sun.COM
    Sun Microsystems Laboratories
    1 Network Drive,UBUR02-311     Tel: 781/442-0928
    Burlington, MA 01803-0902 USA  Fax: 781/442-1692
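The reading given in the post, as an added example that is not part of the original message or of any XACML specification text: a small Python evaluator that rebuilds the post's `<Subjects>` element and applies AND to nested `SubjectMatch`, OR to sibling `SubjectMatch` elements, and OR across `<Subject>` elements. The function names, the dict representation of request subjects (one value per attribute), and treating `string-match` as exact equality are assumptions.

```python
import xml.etree.ElementTree as ET

# Template for one <SubjectMatch> in the post's draft syntax; %s slots are
# AttributeId, any nested <SubjectMatch> elements, and the literal value.
_M = ('<SubjectMatch MatchId="string-match">'
      '<SubjectAttributeDesignator AttributeId="%s" DataType="xs:string">%s'
      '<AttributeValue DataType="xs:string"> %s </AttributeValue>'
      '</SubjectAttributeDesignator></SubjectMatch>')


def _m(attr, nested=""):
    return _M % (attr, nested, "value" + attr[-1])


# Same structure as the <Subjects> element in the post (whitespace condensed).
SUBJECTS_XML = ("<Subjects><Subject>"
                + _m("AttrA", _m("AttrB", _m("AttrC"))) + _m("AttrE")
                + "</Subject><Subject>" + _m("AttrD") + "</Subject></Subjects>")


def match_holds(match, subject):
    """One SubjectMatch: its own comparison AND every SubjectMatch nested in it."""
    des = match.find("SubjectAttributeDesignator")
    want = des.find("AttributeValue").text.strip()
    own = subject.get(des.get("AttributeId")) == want  # assumed exact equality
    return own and all(match_holds(n, subject)
                       for n in des.findall("SubjectMatch"))


def subjects_match(subjects_xml, request_subjects):
    """True if any request subject satisfies any SubjectMatch of any Subject."""
    root = ET.fromstring(subjects_xml)
    return any(match_holds(m, s)
               for subj in root.findall("Subject")      # OR level: <Subject>
               for m in subj.findall("SubjectMatch")    # OR level: siblings
               for s in request_subjects)               # "at least one Subject"


if __name__ == "__main__":
    # Constructed request subjects, one dict per Subject in the Request.
    abc = {"AttrA": "valueA", "AttrB": "valueB", "AttrC": "valueC"}
    print(subjects_match(SUBJECTS_XML, [abc]))
    print(subjects_match(SUBJECTS_XML, [{"AttrA": "valueA"}]))
    print(subjects_match(SUBJECTS_XML, [{"AttrX": "1"}, {"AttrD": "valueD"}]))
```

Under this reading the AttrE match and the AttrD match behave identically even though one sits inside the first `<Subject>` and the other in its own `<Subject>`, which is the redundancy the post points at.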