HERAS-AF Forum
Welcome, Guest. Please login or register.
Did you miss your activation email?
May 20, 2012, 09:50:10 am

Login with username, password and session length
Search:     Advanced search
Welcome to the HERAS-AF Forum...
373 Posts in 89 Topics by 272 Members
Latest Member: Jasmine
* Home Help Search Login Register
+  HERAS-AF Forum
|-+  HERAS-AF XACML
| |-+  HERAS-AF XACML Core (Moderators: René Eggenschwiler, Florian Huonder)
| | |-+  PolicySetIdReference Attribute not working		 « previous next »
Pages: [1] Print
Author Topic: PolicySetIdReference Attribute not working  (Read 558 times)
niro
Newbie
*
Posts: 11


View Profile
« on: February 24, 2011, 11:52:06 am »
Hi,

I just started out on the XACML and started using herasaf-xacml-core 1.0.0-M2 and tried to implement the example for rbac profile1 specification on oasis xacml 2.0. And I get an Error message: "ERROR MapBasedSimplePolicyRepository : This implementation of the PolicyRepository interface does not support remote references. Further a local reference must be within the same PolicySet.". Does the version 1.0.0-M2 support remote PolicySetIdReference functionality?

Regards,
Niro
Logged
René Eggenschwiler
Administrator
Jr. Member
*****
Posts: 63



View Profile
« Reply #1 on: February 24, 2011, 01:53:24 pm »
Hi Niro

HERAS-AF XACML 1.0.0-M2 does not yet support remote PolicySetIdReference and PolicyIdReference yet.

Our architecture does foresee remote policy references and policy set references to be resolved.
We think that this functionality should be located in der PolicyRepository implementation.

The default PolicyRepository implementation in HERAS-AF XACML 1.0.0-M2 is the MapBasedSimplePolicyRepository. This implementation doesn't support remote reference loading.
The Jira issue for that topic is: http://dev.herasaf.org/browse/XACMLCORE-133

Please also see our issues and discussions about that topic:
http://dev.herasaf.org/wiki/display/XACMLCORE/Policy+Repository
http://forum.herasaf.org/index.php/topic,49.0.html
http://dev.herasaf.org/browse/XACMLCORE-11
http://dev.herasaf.org/browse/XACMLCORE-14

Regards,
René
Logged
Florian Huonder
Administrator
Full Member
*****
Posts: 129



View Profile WWW
« Reply #2 on: February 24, 2011, 02:02:17 pm »
Hi Niro,

Thank you for your interest in our XACML implementation.

You are right, the default policy repository does not support remote references. Remote means outside the current PolicySet.
See javadoc of the Policy Repository:
http://dev.herasaf.org/source/browse/XACMLCORE/trunk/src/main/java/org/herasaf/xacml/core/simplePDP/MapBasedSimplePolicyRepository.java?r=HEAD
(relevant section says, line 370: It must be either a remote-reference or a local-reference that is not in this PolicySet. The first is not supported by this PolicyRepository implementation and the second is prohibited by the XACML specification.)
and the documentation of the Policy Repository
http://dev.herasaf.org/wiki/display/XACMLCORE100M2/Policy+Repository

You have two possibilities:
  • Implement you own Policy Repository that is capable of handling references.
  • Restructure your policies into one set that the local-references mechansim takes effect.

If you have any further questions.
Don't hesitate to ask.

Regards,
Florian
Logged
niro
Newbie
*
Posts: 11


View Profile
« Reply #3 on: March 17, 2011, 11:59:29 am »
Thank you both for your response.

I have chosen the option to inline the referenced policies so that local-reference mechanism can resolve the policies as sugested by Florian, and its working for now.

Regards
Niro
Logged
Florian Huonder
Administrator
Full Member
*****
Posts: 129



View Profile WWW
« Reply #4 on: March 17, 2011, 12:57:16 pm »
Hi Niro,

Great to hear.
If you have any further questions don't hesitate to ask..

Regards,
Florian
Logged
Pages: [1] Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines Valid XHTML 1.0! Valid CSS!