I am working on XACML 3.0.Can anyone suggest how to handle descendant resources in XACML3.0 Hierarchical resource scenario?
Asked
Active
Viewed 77 times
1 Answers
0
In Hierarchical resource profile, Scope value can be either 'Children' or 'Descendants'. Descendants means all the resources under the root resource. Children means level 1 Descendants. However this could be related with your resource finder implementation. In WSO2IS, you need to write an extension point to retrieve the children or descendant resources for give root resource. Root resource and the scope value must be sent in the XACML request. You can find more information about the hierarchical resource profile and on writing a resource finder for WSO2IS from this blog post. I guess this would help you.
Asela
- 5,781
- 1
- 15
- 23
-
Thanks for your reply.As i gone through the balana sample "balana-sample-hierarchical-resource".you are using seperator "/" for descendant values like public/news,private/leadership.Is there any otherway to handle the resources? – Nadendla Feb 05 '14 at 06:22
-
Yes.. It can be any thing... As an example, root resource can be a web page name (index.jsp) and child resources can be items in the web page (pic.gif, link ..). – Asela Feb 05 '14 at 08:48
-
Is there any way to handle other than using sperator(ex:/,$)? – Nadendla Feb 05 '14 at 09:22
-
We do not want to you separators.. If you know, the given child resources for given root.. we do not keep them using separator. we can put them in to a database. Above example that i mentioned can be found here http://xacmlinfo.org/2013/12/09/multiple-decision-profile-hierarchical-resources/ – Asela Feb 05 '14 at 09:31