mace-opensaml-users - SubjectAttributeDesignator question
Subject: OpenSAML user discussion
List archive
- From: "Lanz, Dan" <>
- To: "OpenSAML" <>
- Subject: SubjectAttributeDesignator question
- Date: Tue, 24 Jan 2006 16:00:31 -0500
How does one
programmatically access the xml attributes of the SubjectAttributeDesignator
element? The SubjectAttributeDesignator is a subelement of the
SubjectMatch element in an xacml policy target, as shown in the policy fragment
below:
<Target>
<Subjects>
<Subject>
<SubjectMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
DataType=http://www.w3.org/2001/XMLSchema#string
>employee</AttributeValue>
<SubjectAttributeDesignator
AttributeId="group"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
</Subject>
...
<Subjects>
<Subject>
<SubjectMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
DataType=http://www.w3.org/2001/XMLSchema#string
>employee</AttributeValue>
<SubjectAttributeDesignator
AttributeId="group"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
</Subject>
...
</Target>
The subject
attribute value is available from an EvaluationCtx by calling (as an
example):
getSubjectAttribute(new URI(com.sun.xacml.attr.X500NameAttribute.identifier),
new URI("urn:oasis:names:tc:xacml:1.0:subject:subject-id"),
new URI("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"))
new URI("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"))
But, it's not
evident how to access the SubjectAttributeDesignator.
Thanks,
Dan
Lanz
- SubjectAttributeDesignator question, Lanz, Dan, 01/24/2006
- Re: SubjectAttributeDesignator question, Tom Scavo, 01/24/2006
- <Possible follow-up(s)>
- RE: SubjectAttributeDesignator question, Lanz, Dan, 01/24/2006
Archive powered by MHonArc 2.6.16.