Re: Attribute Category question

Wed, 15 Jul 2015 08:34:48 -0700 

Ok thanks for your reply. The reason I asked is that I was using the OpenAZ
API to create a Request where I was setting a Category URI on the
Attributes Object. I was then evaluating the Request against a PDP that was
loaded with a policy that has an AttributeDesignator as follows:

<AttributeDesignator MustBePresent="false"
    Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
    AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
    DataType="http://www.w3.org/2001/XMLSchema#anyURI"; />

However, the evaluation failed. Only when I *also* added the Category URI
on the Attribute itself did the evaluation pass. Am I correct in thinking
this is a bug? If an Attributes Object has a Category then this should also
be set on each of the child Attribute Objects?

Colm.


On Wed, Jul 15, 2015 at 4:24 PM, DRAGOSH, PAMELA L (PAM) <
[email protected]> wrote:

> Colm,
>
> In implementing XACML, an attribute ALWAYS has a category. Carrying that
> property along with it made programming a lot simpler. Its always going to
> be needed.
>
> Pam
>
> On 7/15/15, 9:48 AM, "Colm O hEigeartaigh" <[email protected]> wrote:
>
> >Hi all,
> >
> >The Attribute Object defined in the API contains the following method:
> >
> >
> https://git-wip-us.apache.org/repos/asf?p=incubator-openaz.git;a=blob;f=op
> >enaz-xacml/src/main/java/org/apache/openaz/xacml/api/Attribute.java;h=741a
> >73f4525e3544ee45fc35f872766969adbb57;hb=HEAD
> >
> >Identifier getCategory();
> >
> >However, unless I'm missing something, there is no Category directly
> >associated with an Attribute in the 3.0 spec:
> >
> ><xs:complexType name="AttributeType">
> ><xs:sequence>
> ><xs:element ref="xacml:AttributeValue" maxOccurs="unbounded"/>
> ></xs:sequence>
> ><xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
> ><xs:attribute name="Issuer" type="xs:string" use="optional"/>
> ><xs:attribute name="IncludeInResult" type="xs:boolean" use="required"/>
> ></xs:complexType>
> >
> >The Category is associated with the "Attributes" Element instead:
> >
> ><xs:attribute name="Category" type="xs:anyURI" use="required"/>
> >
> >Should Attribute have a getCategory method?
> >
> >Colm.
> >
> >--
> >Colm O hEigeartaigh
> >
> >Talend Community Coder
> >http://coders.talend.com
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Reply via email to