On Sun, Mar 22, 2015 at 2:27 PM, Farasath Ahamed <[email protected]> wrote:
> Hi Rushmin,
>
> I suppose you are planning to map the 'conditions' to policyIDs and reuse
> them.

Yes.. Policy target can be used to pick policies and rules.. But I do not think it is a good idea to model to send the policy id in the XACML request.. Can't we use some other.. ?

Thanks,
Asela.

>
> AFAIK you can send the policyID as an attribute with the XACML request and
> add the policyID as in the target within the XACML Policy Target to achieve
> this. You can easily write an AttributeFinder module to get the policyID
> from wherever you plan to get it from (PolicyID mapped to 'conditions'). This
> works if you are planning to have a mapping of PolicyID for 'conditions' as
> you mentioned above.
>
> Alternatively you can also use <PolicyIDReference> element to refer to a
> policy by its ID [1]
>
> [1]
> http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html#_Toc325047116
> Adding @Asela for further opinion
>
> On Sun, Mar 22, 2015 at 7:47 AM, Rushmin Fernando <[email protected]> wrote:
>>
>> Thanks Farasath for your response.
>>
>> Yes, both would solve my problem.
>>
>> So you are saying that we can pass a policy id in the XACML request, so
>> that the XACML engine will only consider that policy when it comes to
>> evaluating ?
>>
>> Thanks
>> Rushmin
>>
>> On Sat, Mar 21, 2015 at 10:21 PM, Farasath Ahamed <[email protected]>
>> wrote:
>>>
>>> Hi Rushmin,
>>>
>>> So what you basically want is a XACML policy which becomes applicable
>>> based on a policy ID?
>>> or do you want to reuse 'conditions' generated by the user by say giving
>>> them a referenceID or something?
>>>
>>> I think both of which are possible in XACML 3.0. Can you elaborate more on
>>> the condition 'part' you have mentioned above?
>>>
>>> On Sat, Mar 21, 2015 at 1:16 PM, Rushmin Fernando <[email protected]>
>>> wrote:
>>>>
>>>> Hi IS Team,
>>>>
>>>> In App Manager we have the following requirement.
>>>>
>>>> 1) App creators need to associate authorization rules for URL pattern +
>>>> HTTP verb combinations
>>>>
>>>> 2) They are given a UI to add a URL pattern, select an HTTP verb and
>>>> then apply an authorization rule.
>>>>
>>>> 3) App Manager uses XACML for these authorization rules.
>>>>
>>>> 4) Since the 'resource' and 'action' parts of the XACML policy are
>>>> determined by the aforementioned UI inputs, user is only allowed to write the
>>>> 'condition' part. And the actual XACML policy is generated using these
>>>> parts.
>>>>
>>>> 5) But the thing is, we need to re-use these 'conditions'. We do it in
>>>> App Manager level. But we end up with generating XACML policies for
>>>> 'resource' + 'action' combinations.
>>>>
>>>> Is there a way that we can have a single XACML policy which only has the
>>>> condition 'part' and evaluate the XACML request using that specific policy
>>>> (by giving the policy ID ) ?
>>>>
>>>> --
>>>> Rushmin Fernando
>>>> Technical Lead
>>>>
>>>> WSO2 Inc. - Lean . Enterprise . Middleware
>>>>
>>>> email : [email protected]
>>>> mobile : +94772310855
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> [email protected]
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>
>>> --
>>> Farasath Ahamed
>>> Software Engineering Intern
>>> WSO2 Inc.; http://wso2.com
>>>
>>> Mobile: +94 777 603 866
>>> E-Mail: [email protected]
>>> Blog: http://thepseudocode.blogspot.com/
>>
>> --
>> Rushmin Fernando
>> Technical Lead
>>
>> WSO2 Inc. - Lean . Enterprise . Middleware
>>
>> email : [email protected]
>> mobile : +94772310855
>>
>
> --
> Farasath Ahamed
> Software Engineering Intern
> WSO2 Inc.; http://wso2.com
>
> Mobile: +94 777 603 866
> E-Mail: [email protected]
> Blog: http://thepseudocode.blogspot.com/

--
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
+358 449 228 979

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
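
One way to apply the policy-reference alternative raised in this thread, as an added example that is not part of the original messages and not WSO2 code: each URL pattern + HTTP verb gets a small generated PolicySet whose Target matches resource and action and which pulls in the shared 'condition' policy through the XACML 3.0 `<PolicyIdReference>` element, so the request never carries a policy ID. The `appm:` ID scheme, the sample policy IDs, and matching the URL pattern with string-equal on resource-id are assumptions.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
STRING = "http://www.w3.org/2001/XMLSchema#string"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
DENY_UNLESS_PERMIT = ("urn:oasis:names:tc:xacml:3.0:"
                      "policy-combining-algorithm:deny-unless-permit")
RESOURCE = ("urn:oasis:names:tc:xacml:3.0:attribute-category:resource",
            "urn:oasis:names:tc:xacml:1.0:resource:resource-id")
ACTION = ("urn:oasis:names:tc:xacml:3.0:attribute-category:action",
          "urn:oasis:names:tc:xacml:1.0:action:action-id")

ET.register_namespace("", NS)

def q(tag):
    """Qualify a tag name with the XACML 3.0 namespace."""
    return f"{{{NS}}}{tag}"

def _match(all_of, value, category, attribute_id):
    # <Match>: literal value first, then the request attribute it is compared to.
    m = ET.SubElement(all_of, q("Match"), MatchId=STRING_EQUAL)
    ET.SubElement(m, q("AttributeValue"), DataType=STRING).text = value
    ET.SubElement(m, q("AttributeDesignator"), Category=category,
                  AttributeId=attribute_id, DataType=STRING,
                  MustBePresent="true")

def wrapper_policy_set(url_pattern, http_verb, condition_policy_id):
    """PolicySet for one URL pattern + verb that reuses a shared condition policy."""
    ps = ET.Element(q("PolicySet"),
                    PolicySetId=f"appm:{http_verb}:{url_pattern}",  # hypothetical ID scheme
                    Version="1.0", PolicyCombiningAlgId=DENY_UNLESS_PERMIT)
    target = ET.SubElement(ps, q("Target"))
    all_of = ET.SubElement(ET.SubElement(target, q("AnyOf")), q("AllOf"))
    _match(all_of, url_pattern, *RESOURCE)   # both matches sit in one AllOf,
    _match(all_of, http_verb, *ACTION)       # so resource AND action must match
    ET.SubElement(ps, q("PolicyIdReference")).text = condition_policy_id
    return ps

def dangling_references(policy_sets, known_policy_ids):
    """Referenced condition-policy IDs that the policy store does not hold."""
    refs = {r.text for ps in policy_sets for r in ps.iter(q("PolicyIdReference"))}
    return sorted(refs - set(known_policy_ids))

def to_xml(policy_set):
    return ET.tostring(policy_set, encoding="unicode")
```

Running `dangling_references` before publishing the generated PolicySets catches a wrapper that points at a condition policy that was renamed or deleted.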
