Variable Name | Value | urn |
Username | “John Smith” | urn:xacml:2.0:interop:example:subject:user-name |
Password | “somepwd” | (No URN: not included in the authorization request to the PDP; consumed only by the authentication step) |
CustomerId | “123456” | urn:oasis:names:tc:xacml:1.0:subject:subject-id |
ResourceApplName | “CustomerAccount” | urn:oasis:names:tc:xacml:1.0:resource:resource-id |
Action | “ViewAccount” | urn:oasis:names:tc:xacml:1.0:action:action-id |
ResourceOwnerId | “123456” | urn:xacml:2.0:interop:example:resource:owner-id |
ResourceOwnerName | “John Smith” | urn:xacml:2.0:interop:example:resource:owner-name |
ResourceAcctStatus | “Active” | urn:xacml:2.0:interop:example:resource:account-status |
The XACML 2.0 request the PEP sends to the PDP is (note that the password is not part of it):
<?xml version="1.0" encoding="UTF-8"?>
<!-- XACML 2.0 context Request assembled from the attribute table above.
     Only subject, resource and action attributes are present; the password from
     the table is deliberately absent, since credentials belong to authentication
     and are not forwarded to the PDP. The document carries no DOCTYPE, so a PDP
     can (and should) parse it with DTD and external-entity resolution disabled. -->
<xacml-context:Request
xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation=" urn:oasis:names:tc:xacml:2.0:context:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
<!-- NOTE(review): xsi:schemaLocation is only a hint. A PDP that validates inbound
     requests should validate against a locally pinned copy of the context schema,
     never fetch the URL named in an untrusted request. -->
<Subject
SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
<!-- subject-id = CustomerId from the table. Issuer is a plain string here (a host
     name), not a cryptographic assertion: the PDP is trusting whichever PEP or
     context handler populated this request to have authenticated the subject. -->
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="xacml20.interop.com">
<AttributeValue>123456</AttributeValue>
</Attribute>
<!-- Display name of the subject (Username in the table). -->
<Attribute AttributeId="urn:xacml:2.0:interop:example:subject:user-name"
DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="xacml20.interop.com">
<AttributeValue>John Smith</AttributeValue>
</Attribute>
</Subject>
<!-- Resource attributes. Unlike the subject attributes above, none of these carry
     an Issuer, so the PDP cannot distinguish their source. -->
<Resource>
<!-- resource-id = ResourceApplName (the application, not an individual record). -->
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>CustomerAccount</AttributeValue>
</Attribute>
<!-- owner-id carries the same value (123456) as the subject-id above; presumably
     the policy compares the two for an owner-only access rule. That comparison is
     only as trustworthy as the PEP that supplied both values. -->
<Attribute AttributeId="urn:xacml:2.0:interop:example:resource:owner-id"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>123456</AttributeValue>
</Attribute>
<Attribute AttributeId="urn:xacml:2.0:interop:example:resource:owner-name"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>John Smith</AttributeValue>
</Attribute>
<!-- Account lifecycle state of the resource; "Active" in this scenario. -->
<Attribute AttributeId="urn:xacml:2.0:interop:example:resource:account-status"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>Active</AttributeValue>
</Attribute>
</Resource>
<!-- The requested operation on the resource. -->
<Action>
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>ViewAccount</AttributeValue>
</Attribute>
</Action>
<!-- No environment attributes (for example time of day) are supplied in this scenario. -->
<Environment/>
</xacml-context:Request>
The expected response from the PDP is:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Expected XACML 2.0 context Response for the request above: a single Result
     with a Permit decision, an OK status and three obligations. -->
<xacml-context:Response
xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
<Result>
<!-- The PEP must treat anything other than an explicit Permit (Deny,
     NotApplicable, Indeterminate) as a denial. -->
<Decision>Permit</Decision>
<!-- Status reports whether the PDP could evaluate the request; "ok" means the
     Decision is meaningful. StatusDetail is present but empty. -->
<Status>
<StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
<StatusMessage>Success</StatusMessage>
<StatusDetail/>
</Status>
<!-- Obligations live in the XACML 2.0 policy namespace, hence the separate
     xacml: prefix. Each is tied to the Permit decision via FulfillOn="Permit"
     and carries no AttributeAssignment children, so the PEP must know the
     meaning of these interop ObligationIds out of band. Per XACML 2.0 the PEP
     may only grant access if it understands and discharges every obligation
     returned; an obligation it does not recognise must result in a denial. -->
<xacml:Obligations
xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os">
<xacml:Obligation
ObligationId="urn:xacml:2.0:interop:example:obligation:decision"
FulfillOn="Permit"/>
<xacml:Obligation
ObligationId="urn:xacml:2.0:interop:example:obligation:status-code"
FulfillOn="Permit"/>
<xacml:Obligation
ObligationId="urn:xacml:2.0:interop:example:obligation:status-message"
FulfillOn="Permit"/>
</xacml:Obligations>
</Result>
</xacml-context:Response>