resource-id JSON example
When neither the ContextId or ApplicationId attributes are set, the Request.Resource resource-id attribute is used as the policy key.
This allows two separate policies to be evaluated within the one JSON request.
The corresponding XACML JSON would be:
{ "Request": { "Action": { "Attribute": [ { "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id", "DataType": "string", "Value": "GET" } ] }, "Resource": [ { "Attribute": [ { "AttributeId": "urn:oasis:names:tc:xacml:1.0:resource:resource-id", "DataType": "string", "Value": "/WebSEAL/isam.ibm.com-default/protected" } ] }, { "Attribute": [ { "AttributeId": "urn:oasis:names:tc:xacml:1.0:resource:resource-id", "DataType": "string", "Value": "/myapp/myresource1" } ] } ], "Environment": { "Attribute": [ ] } } }
If the policy attached to isam.ibm.com-default/protected results in a Permit with Obligation decision and the policy attached to /myapp/myresouce1 results in a NotApplicable decision, the XACML JSON response would be:
{ "Response": [ { "Status": { "StatusCode": { "Value":"urn:oasis:names:tc:xacml:1.0:status:ok" } }, "Obligations": [ { "Id":"ObligationId" } ], "Attribute": [ { "AttributeId":"urn:oasis:names:tc:xacml:1.0:resource:resource-id", "Value":"/WebSEAL/isam.ibm.com-default/protected" } ], "Decision":"Permit" }, { "Status": { "StatusCode": { "Value":"urn:oasis:names:tc:xacml:1.0:status:ok" } }, "Attribute": [ { "AttributeId":"urn:oasis:names:tc:xacml:1.0:resource:resource-id", "Value":"\/myapp\/myresource1" } ], "Decision":"NotApplicable" } ] }
Parent topic: Invoking the RTSS XACML engine