Changes between Version 1 and Version 2 of XACML


Ignore:
Timestamp:
28/06/10 14:46:32 (9 years ago)
Author:
pjkersha
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • XACML

    v1 v2  
    137137</Policy> 
    138138}}} 
     139 
     140In the above, the first `<Target/>` element filters out reuqests which don't apply to the rules which follow, so if the URI doesn't start with, `http://localhost/` it's ignored.  After this a series of rules are specified, the first rule denies accesses to all requests.  However, the top-most `<Policy>` element specifies the so called ''Rule Combining Algorithm'' to permit overrides: 
     141{{{ 
     142RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides" 
     143}}} 
     144Any rule which follows for which a match is made grants access.  For example, the second rule grants access to any URI which begins with `http://localhost/test_securedURI`, provided the subject (the person or entity requesting access) has at least one of the attributes, `staff`, `admin` or `postdoc`. 
     145 
     146---- 
     147Philip Kershaw, 28 June 2010