Hi Rushmin, I suppose you are planning to map the 'conditions' to policyIDs and reuse them.
AFAIK you can send the policyID as an attribute with the XACML request and add the policyID as in the target within the XACML Policy Target to achieve this. You can easily write an AttributeFinder module to get the policyID from wherever you plan to get it from(PolicyID mapped to 'conditions'). This works if you are planning to have a mapping of PolicyID for 'conditions' as you mentioned above. Alternatively you can also use <PolicyIDReference> element to refer to a policy by its ID [1] [1] http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html#_Toc325047116 Adding @Asela for further opinion On Sun, Mar 22, 2015 at 7:47 AM, Rushmin Fernando <[email protected]> wrote: > Thanks Farasath for your response. > > Yes, both would solve my problem. > > So you are saying that we can pass a policy id in the XACML request, so > that the XACML engine will only consider that policy when it comes to > evaluating ? > > Thanks > Rushmin > > On Sat, Mar 21, 2015 at 10:21 PM, Farasath Ahamed <[email protected]> > wrote: > >> Hi Rushmin, >> >> So what you basically want is a XACML policy which becomes applicable >> based on a policy ID? >> or do you want to reuse 'conditions' generated by the user by say giving >> them a referenceID or something? >> >> I think both of which is possible in XACML 3.0. Can you elaborate more on >> the condition 'part' you have mentioned above? >> >> On Sat, Mar 21, 2015 at 1:16 PM, Rushmin Fernando <[email protected]> >> wrote: >> >>> Hi IS Team, >>> >>> In App Manager we have the following requirement. >>> >>> 1) App creator need to associate authorization rules for URL pattern + >>> HTTP verb combinations >>> >>> 2) They are given a UI to add a URL pattern, select an HTTP verb and >>> then apply an authorization rule. >>> >>> 3) App Manager uses XACML for these authorization rules. >>> >>> 4) Since the 'resource' and 'action' parts of the XACML policy is >>> determined the aforementioned UI inputs, user is only allowed to write the >>> 'condition' part. And the actual XACML policy is generated using these >>> parts. >>> >>> 5) But the thing is, we need to re-use these 'conditions'. We do it in >>> App Manager level. But we end up with generating XACML policies for >>> 'resource' + 'action' combinations. >>> >>> Is there a way that we can have a single XACML policy which only has the >>> condition 'part' and evaluate the XACML request using that specific policy >>> (by giving the policy ID ) ? >>> >>> -- >>> *Rushmin Fernando* >>> *Technical Lead* >>> >>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware >>> >>> email : [email protected] >>> mobile : +94772310855 >>> >>> >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> *Farasath Ahamed* >> Software Engineering Intern >> WSO2 Inc.; http://wso2.com >> >> Mobile: +94 777 603 866 >> E-Mail: farasath <http://goog_1999535192>[email protected] >> Blog: http://thepseudocode.blogspot.com/ >> > > > > -- > *Rushmin Fernando* > *Technical Lead* > > WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware > > email : [email protected] > mobile : +94772310855 > > > -- *Farasath Ahamed* Software Engineering Intern WSO2 Inc.; http://wso2.com Mobile: +94 777 603 866 E-Mail: farasath <http://goog_1999535192>[email protected] Blog: http://thepseudocode.blogspot.com/
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
