Hi I just want to know how can I match XACML 3.0 Request from the PEP against the Policies stored in policy store using PDP. How I will evaluate particular request against the multiple policies stored in policy store.
how to match XACML 3.0 request against policy stored in policy store
681 views Asked by Utsav At
3
There are 3 answers
0
On
Adding my experience of using WSO2 Identity Server as a PDP
So you can add multiple policy files in IS. But you have to give ranking to each policy file.
So what i think is, those policies get validated in the order of ranking which we provide and for whichever policy the target element gets matched first get evaluated first.
XACML request is matched with the "Target" element of the policies that are stored in PDP policy store. Once target element is matched for policies, Those matched policies (applicable policies) are evaluated (rules of the policies) according to the policy order and results are combined according to the policy combining algorithm of the policy store. If PEP wants to know that; what PEP policies are matched for given XACML request, PEP can send the XACML request with "ReturnPolicyIdList" attribute as "true".
Then XACML response would returns the matched policies in the XACML response.