Domanda
I'm working with XACML policies and I have the following resource:
https://stackoverflow.com/questions/16687563
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian<Resources>
<Resource>
<ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">mail</AttributeValue>
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
</ResourceMatch>
</Resource>
</Resources>
I want this resource to be a string and not an anyURI type, in order to manipulate any kind of data as a resource. Otherwise, what are the possible value of a anyURI datatype ?
Soluzione
Specification says that resource-id SHELL be anyURI. So theoretically you can use string data type. Function then will be string-equal.
At the same time, in most cases you can use anyURI without any problems. For example string "Alice" is anyURI.
Alternatively you can introduce another attribute, just name it appropriately and use instead of resource-id.
Altri suggerimenti
In addition to what Mike said, you can always create a new attribute with the exact same id, category (if in XACML 3.0), and optionally issuer but change the datatype from anyURI to string:
<ResourceAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
Just make sure that your XACML request and XACML policy use the same attribute.
