Questions tagged [xacml2]

XACML 2.0 refers to the 2.0 specification of the eXtensible Access Control Markup Language (XACML), ratified by the OASIS standards group in February 2005.

XACML 2.0 is the second version of the eXtensible Access Control Markup Language (XACML). As of April 2014, XACML has 3 versions: XACML 1.0, XACML 2.0, and XACML 3.0. The latest version is XACML 3.0.

Overall, XACML 2.0 and XACML 3.0 serve the same purpose: defining fine-grained, attribute-based access control policies. Please refer to the XACML tag wiki for additional details.

XACML 2.0 defines a fixed number of attribute categories, whereas XACML 3.0 lets users define custom attribute categories. In practice, the same categories usually end up being used in both XACML 2.0 and XACML 3.0.

XACML 2.0 provides support for static obligations. XACML 3.0 provides support for dynamic obligations and advice.

XACML 2.0 is defined in 2 schema files: one for the policy language and one for the request. XACML 3.0 is defined in a single schema file.

Both XACML 2.0 and XACML 3.0 use the same conceptual architecture.

Other versions of XACML include:

  • XACML 1.0
  • XACML 1.1
  • XACML 2.0
  • XACML 3.0

XACML 1.0, 1.1, and 2.0 are extremely similar. XACML 3.0 introduces changes that make the standard more generic.

40 questions
1 vote, 1 answer

How can I return multiple attribute values in my Obligation Expression using XACML?

I am using XACML 3.0 with Balana in my Java application. My XML schema is defined as follows:
Milson
1 vote, 2 answers

XACML2 Schema Generation Error for .NET - Cannot use wildcards at the top level of a schema

Has anyone been able to successfully generate C# entity classes from XACML2 schema files? I am getting "Cannot use wildcards at the top level of a schema." I think this has something to do with xs:any elements. I have tried change the…
Tone
1 vote, 1 answer

How to deal with scoped roles when multiple roles can be activated in XACML

First the user can have multiple roles at the same time, and the role has scope. For example, one user has three roles: /scopeA/editor, /scopeA/programmer, /scopeB/editor and /scopeA/editor has access to resource /scopeA/post …
telmo
1 vote, 1 answer

Is there a standard or preferred way to use obligations and advice in XACML and ALFA?

I wrote some obligations and advices but I was wondering if there is a widely accepted/or formal way to do this properly? In other words: Is there a standard or preferred way to use obligations and advices in ALFA? I would really like to see an …
Morei
1 vote, 1 answer

Can I use xpath-like expression in the attributevalue in a xacml policy

I'd like to declare some policies like: someone can visit anything under the img path, but img folders are scattered everywhere, so the attributevalue in the xacml policy may seem like this: "/rootpath/**XPATH_PART**/img/*". how to write policy of…
telmo
1 vote, 1 answer

XACML for dynamic authorization using time and date

Please, I would like to know how to write XACML policy for dynamic control. I want to control user permission to access attribute with time or date.
1 vote, 1 answer

PDP through balana

I have only one policy file for my server, so do not want to use wso for PDP, but instead trying to write my own PDP with "balana", I can see there is a PDP class and also a Policy class, so which class to use and how to load my "policy.xml" file to…
Phalguni Mukherjee
1 vote, 1 answer

What does XACML Identifier mean?

For example, "urn:oasis:names:tc:xacml:1.0:subject:session-start-time", what does it mean? How can I know the format of the session-start-time? Is it yyyy-MM-dd or yyyy/MM/dd? I can't find any information from OASIS's document. Someone tell…
Wei Lee
0 votes, 0 answers

XACML2: XACML2.0 implementation in java

I'm writing my master's thesis and I have some problems with the PDP evaluation of request. I use sunxacml:2.0 in Java. When I define a request and evaluate it with PDP the response is NotApplicable, but when I define a request and encoding in file and I…
student
0 votes, 2 answers

Multiple attributes in the same category in XACML 3.0

I'm learning XACML 3.0 and want to ask, if I have two attributes with different IDs but in the same category, i.e. (Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"), this interpretation as two different attributes for the same…
Josepil
0 votes, 1 answer

How to use "issuer" tag in ALFA plugin?

I am writing some administrative policies on ALFA plugin but I find out there's no such function of it. Does anyone know this aspect?
0 votes, 2 answers

During XACML Policy published issue in WSO2 API

After creating the XACML Policy trying to publish it to PDP, but getting error [2014-07-10 06:30:15,910] ERROR - ApplicationDispatcher Servlet.service() for servlet bridgeservlet threw exception java.lang.NoSuchMethodError: …
user3825596
0 votes, 1 answer

Generate XACML 2.0 policies programmatically?

I would like to generate XACML 2.0 policies programmatically. Is there a way to either do that or convert a group of XACML 3.0 policies into XACML 2.0 policies? Thanks
nammar
0 votes, 1 answer

Error in XACML validation

I have created a XACML file for authorization, which looks as:
Phalguni Mukherjee
0 votes, 2 answers

XACML or DB approach

I went through the XACML document and it explains about maintaining authorization policies in an XML file; the same can be done by keeping the policies in a database. My question is what is the advantage of storing policies in XML file like XACML over…