Re: [sunxacml-discuss] multiple AttributeValue inside Attribute for RequestCtx
Brought to you by:
farrukh_najmi,
sethp
Menu
▾
▴
Re: [sunxacml-discuss] multiple AttributeValue inside Attribute for RequestCtx
|
From: Ashok S. <as...@sf...> - 2005-05-05 16:04:25
|
Hello Anne, Thanks for the reply :) On Thu, 05 May 2005 11:35:01 -0400, Anne Anderson <Ann...@su...> wrote: > Ashok, > > I think what you want to do is create one XACML Attribute instance for > each <saml:AttributeValue>. Each XACML Attribute will have the same > AttributeId and DataType (assuming all the <saml:AttributeValue> > instances are the same DataType). I was just wonderinig if this is a work around for this problem or is a proper solution? I read the XACML 1.1, and XACML 2.0 specifications. I thought it might be possible for a <xacml-context:Attribute> to have multiple <xacml-context:AttributeValue> for e.g. <Attribute AttributeId="group"> <AttributeValue>developers</AttributeValue> <AttributeValue>executive</AttributeValue> </Attribute> Please correct me if I am wrong. > In policies, when you reference this AttributeId using a > <SubjectAttributeDesignator>, for example, what is returned is a bag > containing one element for each instance of the > <xacml-context:Attribute>. > Does this sound like what you wanted? Yea this is what I thought might be possible, wanted to confirm with someone on the list. Thanks :) Ashok. > Anne Anderson > > Ashok Shah wrote: >> Hello, >> >> I tried to browse throught the archive to see if someone had similar >> problem but couldnt find similar post. >> >> I am converting the SAML Attributes manually to XACML Request. When I >> try >> to convert the <saml:Attribute> to <xacml:context:Attribute>, the >> specification says i have to process all the <saml:AttributeValue> and >> map >> it to <xacml-context:AttributeValue>. When I get multiple >> <saml:AttributeValue> I want to convert each <saml:AttributeValue> to >> corresponding <xacml-context:AttributeValue>. >> >> I was browsing through the API for the XACML, and learnt that the >> BagAttribute was not designed for this purpose. I was wondering if there >> is some other way to add multiple <xacml-context:AttributeValue> to >> <xacml-context:Attribute>. >> >> I checked with the XACML 2.0 and 1.1 specification, it looks like the >> specification allows this type of multiple >> <xacml-context:AttributeValue>. >> Please advise if I am reading it wrong. >> >> Thanks, >> >> Ashok. >> >> >> ------------------------------------------------------- >> This SF.Net email is sponsored by: NEC IT Guy Games. >> Get your fingers limbered up and give it your best shot. 4 great >> events, 4 >> opportunities to win big! Highest score wins.NEC IT Guy Games. Play to >> win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 >> _______________________________________________ >> sunxacml-discuss mailing list >> sun...@li... >> https://lists.sourceforge.net/lists/listinfo/sunxacml-discuss > -- Ashok Shah |
