
Is there a way to define variables externally from XACML policy and refer them from inside the policy rules

I am using XACML with multiple policy sets and policies. These policies are sharing the same variables and I want to be able to define them in some kind of "global" dictionary. While it seems a rather basic requirement, I couldn't find any documentation, example or discussion about such an option. Is there any way to do so?

Thanks.

The only feature XACML provides OOTB is the notion of variable definitions and variable references. However it doesn't fully do what you're looking for.

For starters, variable definitions are defined globally but can only be used inside rules. You cannot use them inside targets. Variable definitions are made up of a XACML expression, i.e. anything that can be expressed in a condition (so a string, a function, and more).

Variable definitions are defined within a policy and their visibility is scoped to that policy. This limits their usefulness.

If you wanted a cross-policy variable / constant, you'd have to do that outside XACML, define your policies, and then post-process them to replace your placeholders with your values. If you work directly on XML, you could do that with XSLT for instance. Otherwise, it'll largely depend on the IDE you're using.

Source: eXtensible Access Control Markup Language (XACML) Version 3.0 Plus Errata 01
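The post-processing step described in the answer, sketched in Python rather than XSLT; this is an added example, not code from the original post. The `${name}` placeholder syntax, the `GLOBALS` dictionary, the `fill` and `render_policy` helpers and the sample policy are all assumptions made for illustration. Substitution is done on the parsed tree so a value cannot inject markup, and an undefined placeholder aborts the build instead of producing a deployable policy.

```python
import re
import xml.etree.ElementTree as ET

XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
# Assumed placeholder convention (not part of XACML): ${name}
PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][\w.-]*)\}")

# Constructed "global dictionary" shared by every policy file.
GLOBALS = {"admin_role": "urn:example:role:admin", "max_amount": "5000"}

# Constructed sample policy; identifiers under urn:example are illustrative.
SAMPLE_POLICY = """<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
    PolicyId="urn:example:policy:admin" Version="1.0"
    RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
  <Target/>
  <Rule RuleId="permit-admin" Effect="Permit">
    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${admin_role}</AttributeValue>
        <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
            AttributeId="urn:example:attr:role" MustBePresent="false"
            DataType="http://www.w3.org/2001/XMLSchema#string"/>
      </Apply>
    </Condition>
  </Rule>
</Policy>"""

def fill(text, values):
    """Replace every ${name} in text; fail closed on an undefined name."""
    def sub(match):
        name = match.group(1)
        if name not in values:
            raise KeyError(f"undefined policy variable: {name}")
        return values[name]
    return PLACEHOLDER.sub(sub, text)

def render_policy(xml_text, values):
    """Return the policy XML with placeholders in text and attributes resolved."""
    ET.register_namespace("", XACML_NS)  # keep XACML as the default namespace
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if el.text:
            el.text = fill(el.text, values)
        for key, val in list(el.attrib.items()):
            el.set(key, fill(val, values))
    # Serialising the tree escapes <, > and & in substituted values.
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(render_policy(SAMPLE_POLICY, GLOBALS))
```

Run it over every policy file at build time and load only the rendered output into the PDP, so the placeholder sources never reach evaluation.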
