xacml2

How to use “issuer” tag in ALFA plugin?

匆匆过客 submitted on 2020-01-07 01:19:45
Question: I am writing some administrative policies on ALFA plugin but I find out there's no such function of it. Does anyone know this aspect?
Answer 1: You would have to generate the issuer element separately using an ant script and some logic to generate the value of the issuer field, e.g. by adding the DN of a certificate. It all depends on how your XACML engine implements delegation. ALFA itself doesn't do anything to the issuer field. Cheers, David.
Source: https://stackoverflow.com/questions/25128025/how

How to use “issuer” tag in ALFA plugin?

廉价感情. submitted on 2020-01-07 01:19:36
Question: I am writing some administrative policies on ALFA plugin but I find out there's no such function of it. Does anyone know this aspect?
Answer 1: You would have to generate the issuer element separately using an ant script and some logic to generate the value of the issuer field, e.g. by adding the DN of a certificate. It all depends on how your XACML engine implements delegation. ALFA itself doesn't do anything to the issuer field. Cheers, David.
Source: https://stackoverflow.com/questions/25128025/how

How to Manage Trust between PEP and PDP

心已入冬 submitted on 2020-01-03 17:10:12
Question: I am working with a distributed scenario in which I have multiple instances of PEP and PDP. In such a scenario, how will the PDP validate that an XACML request is coming from my trusted PEP?
Answer 1: There can be different ways to trust the PEP. It is not clearly mentioned in the spec. But it is mentioned that you must use SSL and an authentication mechanism (such as Basic/Digest authentication). Also there is a SAML-XACML profile that talks about PEP-PDP communication. But I guess, following two simple

Multiple Decisions Profile Policy in XACML 3.0

末鹿安然 submitted on 2019-12-24 04:18:49
Question: I have a requirement to write a policy for a particular user that will return the XACML response like this:
This policy is based on single user: bob
FirstName: Create = true, Read = true, Update = true, Delete = false
MiddleName: Create = true, Read = true, Update = true, Delete = false
LastName: Create = true, Read = true, Update = true, Delete = false
How to write a XACML policy for such a requirement, and how will the request look for the same policy? How to achieve this policy using

How do I apply XACML rules to every child URI?

半世苍凉 submitted on 2019-12-12 18:27:59
Question: I'm working with XACML policies and I have a rule that includes a resource target similar to the following:
<Resources>
  <Resource>
    <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">/MyDirectory</AttributeValue>
      <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
    </ResourceMatch>
  </Resource>
</Resources>
I

Is it possible to compare attributes in a XACML policy?

青春壹個敷衍的年華 submitted on 2019-12-10 09:57:21
Question: The following rule says subjects with role "acme_manager" can perform any action on the resource "/acme/widgets":
<Rule Effect="Permit" RuleId="PermitRule">
  <Condition>
    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/acme/widgets</AttributeValue>
        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category=

Is it possible to compare attributes in a XACML policy?

ε祈祈猫儿з submitted on 2019-12-05 18:41:49
The following rule says subjects with role "acme_manager" can perform any action on the resource "/acme/widgets":
<Rule Effect="Permit" RuleId="PermitRule">
  <Condition>
    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/acme/widgets</AttributeValue>
        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema