Saturday, January 5, 2008

Customer access scenario: XACML Request 1 and Response 1

The data values used to build the request message are listed in the following table (the AttributeId column gives the XACML identifier each value is carried under):























































Variable Name | Value | XACML AttributeId (urn)
Username | "John Smith" | urn:xacml:2.0:interop:example:subject:user-name
Password | "somepwd" | (no urn: consumed by the authentication step and never forwarded to the PDP in the authorization request)
CustomerId | "123456" | urn:oasis:names:tc:xacml:1.0:subject:subject-id
ResourceApplName | "CustomerAccount" | urn:oasis:names:tc:xacml:1.0:resource:resource-id
Action | "ViewAccount" | urn:oasis:names:tc:xacml:1.0:action:action-id
ResourceOwnerId | "123456" | urn:xacml:2.0:interop:example:resource:owner-id
ResourceOwnerName | "John Smith" | urn:xacml:2.0:interop:example:resource:owner-name
ResourceAcctStatus | "Active" | urn:xacml:2.0:interop:example:resource:account-status



The request sent to the PDP is:


<?xml version="1.0" encoding="UTF-8"?>
<!-- Customer-access scenario, Request 1: the access-subject (CustomerId 123456, "John Smith")
     asks to perform ViewAccount on the CustomerAccount resource.
     The Password from the data table is deliberately absent: it is consumed by the
     authentication step and must never be forwarded to the PDP in an authorization request. -->
<xacml-context:Request
xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation=" urn:oasis:names:tc:xacml:2.0:context:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
<!-- NOTE(review): xsi:schemaLocation is only a hint. A PDP must not fetch a schema from a URL
     supplied by the request document itself, and should parse requests with DTD / external
     entity resolution disabled (the document carries no DOCTYPE, and none is expected). -->
<Subject
SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
<!-- subject-id carries the CustomerId. Both subject attributes name an Issuer
     (xacml20.interop.com); the value is asserted by whoever built the request, so the PDP can
     only rely on it if that PEP / context handler is trusted (or the Issuer is checked). -->
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="xacml20.interop.com">
<AttributeValue>123456</AttributeValue>
</Attribute>
<Attribute AttributeId="urn:xacml:2.0:interop:example:subject:user-name"
DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="xacml20.interop.com">
<AttributeValue>John Smith</AttributeValue>
</Attribute>
</Subject>
<Resource>
<!-- Resource attributes carry no Issuer, unlike the subject attributes above.
     owner-id (123456) equals the subject-id; presumably the expected Permit in Response 1
     hinges on that equality (owner viewing own account) plus account-status "Active". -->
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>CustomerAccount</AttributeValue>
</Attribute>
<Attribute AttributeId="urn:xacml:2.0:interop:example:resource:owner-id"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>123456</AttributeValue>
</Attribute>
<Attribute AttributeId="urn:xacml:2.0:interop:example:resource:owner-name"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>John Smith</AttributeValue>
</Attribute>
<Attribute AttributeId="urn:xacml:2.0:interop:example:resource:account-status"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>Active</AttributeValue>
</Attribute>
</Resource>
<Action>
<!-- The single action being authorized. -->
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>ViewAccount</AttributeValue>
</Attribute>
</Action>
<!-- No environment attributes (e.g. current time) are supplied; any policy that needs them
     has to obtain them through the context handler rather than from this request. -->
<Environment/>
</xacml-context:Request>


The response the PDP should return is shown below. Note that the Permit carries obligations: a PEP must understand and discharge every one of them before granting access, and must otherwise treat the result as a denial.

<?xml version="1.0" encoding="UTF-8"?>
<!-- Expected PDP answer to Request 1: a single Result with decision Permit, status ok, and
     three obligations that the PEP must fulfil on Permit. -->
<xacml-context:Response
xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
<Result>
<Decision>Permit</Decision>
<!-- status:ok with a free-text message; StatusDetail is intentionally empty. -->
<Status>
<StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
<StatusMessage>Success</StatusMessage>
<StatusDetail/>
</Status>
<!-- Obligations use the XACML 2.0 policy namespace, declared locally on this element.
     None of the three carries AttributeAssignment children, so the PEP is expected to act on
     the ObligationId alone.
     NOTE(review): under the XACML 2.0 core spec a PEP may grant access only if it understands
     and can fulfil every obligation attached to a Permit; an unrecognised ObligationId here must
     therefore turn this Permit into an effective Deny at the PEP. Confirm against the interop
     scenario's PEP expectations. -->
<xacml:Obligations
xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os">
<xacml:Obligation
ObligationId="urn:xacml:2.0:interop:example:obligation:decision"
FulfillOn="Permit"/>
<xacml:Obligation
ObligationId="urn:xacml:2.0:interop:example:obligation:status-code"
FulfillOn="Permit"/>
<xacml:Obligation
ObligationId="urn:xacml:2.0:interop:example:obligation:status-message"
FulfillOn="Permit"/>
</xacml:Obligations>
</Result>
</xacml-context:Response>
