[Carbon-dev] Authz Manager - How to check if an action is denied?

Srinath Perera srinath at wso2.com
Wed Feb 9 23:13:41 PST 2011


Any conclusions?
--Srinath

On Sat, Feb 5, 2011 at 8:20 AM, Prabath Siriwardana <prabath at wso2.com> wrote:
> On Sat, Feb 5, 2011 at 7:58 AM, Afkham Azeez <azeez at wso2.com> wrote:
>
>> Prabath, in XACML, as a best practice, we've been putting a deny Rule at the
>> end of most policies. But what happens if that is not declared? What does
>> the Sun XACML engine return?
>
> "NotApplicable"
>
> Thanks & regards,
> -Prabath
>
>>
>> Azeez
>>
>> On Sat, Jan 29, 2011 at 12:23 PM, Danushka Menikkumbura <danushka at wso2.com>
>> wrote:
>>>
>>>> Let's take two scenarios.
>>>>
>>>> 1. Application has not set the authorization details
>>>> 2. Application has set the action to deny.
>>>>
>>>> In both cases the authorization manager returns false. (Obviously it cannot
>>>> return true.)
>>>
>>> We need to have a new method to check denial.
>>>
>>> So, (isAuthorized == false) and (isDenied == false) simply means that I
>>> have no idea what this resource means, so I am abstaining from saying
>>> anything.
>>>
>>> Ideally isAuthorized should have returned enum {ALLOWED, DENIED, ABSTAIN}
>>> but we cannot afford to do that now.
>>>
>>> Thanks,
>>> Danushka
>>>
>>> _______________________________________________
>>> Carbon-dev mailing list
>>> Carbon-dev at wso2.org
>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>
>>
>>
>>
>> --
>> Afkham Azeez
>> Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
>>
>> Member; Apache Software Foundation; http://www.apache.org/
>> email: azeez at wso2.com cell: +94 77 3320919
>> blog: http://blog.afkham.org
>> twitter: http://twitter.com/afkham_azeez
>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>>
>> Lean . Enterprise . Middleware
>>
>>
>>
>
>
>
> --
> Thanks & Regards,
> Prabath
>
> http://blog.facilelogin.com
> http://RampartFAQ.com
>



-- 
============================
Srinath Perera, Ph.D.
  Senior Software Architect, WSO2 Inc.
  Visiting Lecturer, University of Moratuwa
  Member, Apache Software Foundation
  Research Scientist, Lanka Software Foundation
  Blog: http://srinathsview.blogspot.com/
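
The three outcomes discussed in this thread (allowed, explicitly denied, nothing configured), as an added example that is not part of the original messages and is not the Carbon authorization manager's code. The class `TriStateAuthz`, its methods, the roles and the resource path are hypothetical; refusing on ABSTAIN at the enforcement point is an assumption of this example, mirroring the deny rule placed at the end of an XACML policy so that "NotApplicable" is never treated as a permit.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration; class and method names are hypothetical, not the Carbon API.
public class TriStateAuthz {
    enum Decision { ALLOWED, DENIED, ABSTAIN }

    // Constructed sample store: "role|resource|action" -> explicit ALLOWED or DENIED.
    private final Map<String, Decision> explicit = new HashMap<>();

    void set(String role, String resource, String action, Decision d) {
        explicit.put(role + "|" + resource + "|" + action, d);
    }

    // No entry means the application never configured this action: ABSTAIN.
    Decision evaluate(String role, String resource, String action) {
        return explicit.getOrDefault(role + "|" + resource + "|" + action, Decision.ABSTAIN);
    }

    // Existing boolean contract: false for both DENIED and ABSTAIN.
    boolean isAuthorized(String role, String resource, String action) {
        return evaluate(role, resource, action) == Decision.ALLOWED;
    }

    // The additional method proposed in the thread: true only for an explicit deny.
    boolean isDenied(String role, String resource, String action) {
        return evaluate(role, resource, action) == Decision.DENIED;
    }

    // Enforcement point: anything other than ALLOWED is refused (fail closed),
    // but the reason is kept so a missing rule can be logged apart from a deny.
    String enforce(String role, String resource, String action) {
        switch (evaluate(role, resource, action)) {
            case ALLOWED: return "permit";
            case DENIED:  return "refuse: explicit deny";
            default:      return "refuse: no applicable rule";
        }
    }

    public static void main(String[] args) {
        TriStateAuthz az = new TriStateAuthz();
        az.set("admin", "/repo/config", "write", Decision.ALLOWED);
        az.set("guest", "/repo/config", "write", Decision.DENIED);
        for (String role : new String[] {"admin", "guest", "auditor"}) {
            System.out.printf("%-8s authorized=%-5b denied=%-5b -> %s%n", role,
                az.isAuthorized(role, "/repo/config", "write"),
                az.isDenied(role, "/repo/config", "write"),
                az.enforce(role, "/repo/config", "write"));
        }
    }
}
```

The `auditor` row is the case the thread is about: both booleans are false, which a caller can only tell apart from an explicit deny by asking both questions.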

