Hi Godwin,

As you mentioned in your offline chats, there is no mention of "how to
send the subject in the XACML Request" in our Docs.

I did some research on the XACML spec and figured out we could send the
subject in the XACML request as follows.

I changed the sample request on my blog [1] with the Subject attribute as
follows:

Request:

<Request CombinedDecision="false" ReturnPolicyIdList="false"
         xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
    <!-- Subject: who is requesting access -->
    <Attributes Category="urn:oasis:names:tc:xacml:3.0:subject-category:access-subject">
        <Attribute IncludeInResult="false"
                   AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
            <AttributeValue DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">[email protected]</AttributeValue>
        </Attribute>
    </Attributes>
    <!-- Action: what the subject wants to do -->
    <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
        <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                   IncludeInResult="false">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
        </Attribute>
    </Attributes>
    <!-- Resource: what the action is performed on -->
    <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
        <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
                   IncludeInResult="false">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">http://127.0.0.1/service/very_secure/</AttributeValue>
        </Attribute>
    </Attributes>
</Request>

I will update XACML docs with this information.
Please let me know if you have any concerns about this! I hope this is what
you expected.

[1]
https://medium.com/@gdrdabarera/how-entitlement-management-works-with-rest-api-via-xacml-in-wso2-identity-server-5-3-0-7a60940d040c

Thank you!
Dinali
​
-
*Dinali Rosemin Dabarera*
Software Engineer
WSO2 Lanka (pvt) Ltd.
Web: http://wso2.com/
Email : [email protected]
LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
Mobile: +94770198933




_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
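
The request in the message above, built programmatically as an added example (not part of the original e-mail and not WSO2 code). It uses an XML library instead of string concatenation, so a caller-supplied subject or resource always stays a single escaped AttributeValue. The function names and the sample values are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
SUBJECT = "urn:oasis:names:tc:xacml:3.0:subject-category:access-subject"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
RFC822_NAME = "urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"


def add_attribute(request, category, attribute_id, data_type, value):
    """Append one <Attributes>/<Attribute>/<AttributeValue> group (hypothetical helper)."""
    attrs = ET.SubElement(request, f"{{{XACML_NS}}}Attributes", Category=category)
    attr = ET.SubElement(attrs, f"{{{XACML_NS}}}Attribute",
                         AttributeId=attribute_id, IncludeInResult="false")
    val = ET.SubElement(attr, f"{{{XACML_NS}}}AttributeValue", DataType=data_type)
    val.text = value  # markup characters are escaped when the tree is serialized


def build_request(subject, action, resource):
    """Return an XACML 3.0 request carrying subject, action and resource."""
    ET.register_namespace("", XACML_NS)  # emit xmlns="..." rather than an ns0: prefix
    request = ET.Element(f"{{{XACML_NS}}}Request",
                         CombinedDecision="false", ReturnPolicyIdList="false")
    add_attribute(request, SUBJECT,
                  "urn:oasis:names:tc:xacml:1.0:subject:subject-id", RFC822_NAME, subject)
    add_attribute(request, ACTION,
                  "urn:oasis:names:tc:xacml:1.0:action:action-id", XS_STRING, action)
    add_attribute(request, RESOURCE,
                  "urn:oasis:names:tc:xacml:1.0:resource:resource-id", XS_STRING, resource)
    return ET.tostring(request, encoding="unicode")


def attribute_values(xml_text):
    """Parse a request back and return {category: [attribute values]}."""
    root = ET.fromstring(xml_text)
    found = {}
    for attrs in root.findall(f"{{{XACML_NS}}}Attributes"):
        values = [v.text for v in attrs.iter(f"{{{XACML_NS}}}AttributeValue")]
        found.setdefault(attrs.get("Category"), []).extend(values)
    return found


if __name__ == "__main__":
    # Constructed sample values; the resource deliberately contains & and <>.
    print(build_request("alice@example.com", "read",
                        "http://127.0.0.1/service/very_secure/?a=1&b=<2>"))
```
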
