| | 139 | |
| | 140 | In the above, the first `<Target/>` element filters out reuqests which don't apply to the rules which follow, so if the URI doesn't start with, `http://localhost/` it's ignored. After this a series of rules are specified, the first rule denies accesses to all requests. However, the top-most `<Policy>` element specifies the so called ''Rule Combining Algorithm'' to permit overrides: |
| | 141 | {{{ |
| | 142 | RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides" |
| | 143 | }}} |
| | 144 | Any rule which follows for which a match is made grants access. For example, the second rule grants access to any URI which begins with `http://localhost/test_securedURI`, provided the subject (the person or entity requesting access) has at least one of the attributes, `staff`, `admin` or `postdoc`. |
| | 145 | |
| | 146 | ---- |
| | 147 | Philip Kershaw, 28 June 2010 |
