[User] xacml policies

Fri, 04 May 2012 10:08:58 -0700 

Hi all
 I am interested in knowing why Identity Server does not process the 
<Condition> in the following policy...
thanks in advance

<Policy PolicyId="POP_TIME_IN_RANGE" 
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
 xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os">
  <Rule Effect="Permit" RuleId="Details_POPrule1"/>
  <Target>
    <Resources>
      <Resource>
        <ResourceMatch 
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue 
DataType="http://www.w3.org/2001/XMLSchema#string";>https://localhost:9443/services/recurso</AttributeValue>
          <ResourceAttributeDesignator 
AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" 
DataType="http://www.w3.org/2001/XMLSchema#string"/>
        </ResourceMatch>
      </Resource>
    </Resources>
    <Actions>
      <Action>
        <ActionMatch 
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue 
DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue>
          <ActionAttributeDesignator 
AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" 
DataType="http://www.w3.org/2001/XMLSchema#string"/>
        </ActionMatch>
      </Action>
    </Actions>
    <Subjects>
      <Subject>
        <SubjectMatch 
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue 
DataType="http://www.w3.org/2001/XMLSchema#string";>aprieto</AttributeValue>
          <SubjectAttributeDesignator 
AttributeId="http://wso2.org/claims/givenname"; 
DataType="http://www.w3.org/2001/XMLSchema#string"/>
        </SubjectMatch>
      </Subject>
    </Subjects>
  </Target>
  <Condition>
    <Apply FunctionId="time-in-range">
      <Apply FunctionId="time-one-and-only">
        <EnvironmentAttributeDesignator AttributeId="current-time" 
DataType="time" MustBePresent="true"/>
      </Apply>
      <AttributeValue DataType="time">08:00:00</AttributeValue>
      <AttributeValue DataType="time">18:00:00</AttributeValue>
    </Apply>
  </Condition>
  <Rule Effect="Deny" RuleId="nombreRegla1"/>
  <Target/>
</Policy>

10mo. ANIVERSARIO DE LA CREACION DE LA UNIVERSIDAD DE LAS CIENCIAS 
INFORMATICAS...
CONECTADOS AL FUTURO, CONECTADOS A LA REVOLUCION

http://www.uci.cu
http://www.facebook.com/universidad.uci
http://www.flickr.com/photos/universidad_uci
_______________________________________________
User mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/user

Reply via email to