resource-id JSON example
When neither the ContextId or ApplicationId attributes are set, the Request.Resource resource-id attribute is used as the policy key.
This allows two separate policies to be evaluated within the one JSON request.
The corresponding XACML JSON would be:
{
"Request": {
"Action": {
"Attribute": [
{
"AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
"DataType": "string", "Value": "GET"
}
]
},
"Resource": [
{
"Attribute": [
{
"AttributeId": "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
"DataType": "string", "Value": "/WebSEAL/isam.ibm.com-default/protected"
}
]
},
{
"Attribute": [
{
"AttributeId": "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
"DataType": "string", "Value": "/myapp/myresource1"
}
]
}
],
"Environment": {
"Attribute": [
]
}
}
}If the policy attached to isam.ibm.com-default/protected results in a Permit with Obligation decision and the policy attached to /myapp/myresouce1 results in a NotApplicable decision, the XACML JSON response would be:
{
"Response": [
{
"Status": {
"StatusCode": {
"Value":"urn:oasis:names:tc:xacml:1.0:status:ok"
}
},
"Obligations": [
{
"Id":"ObligationId"
}
],
"Attribute": [
{
"AttributeId":"urn:oasis:names:tc:xacml:1.0:resource:resource-id",
"Value":"/WebSEAL/isam.ibm.com-default/protected"
}
],
"Decision":"Permit"
},
{
"Status": {
"StatusCode": {
"Value":"urn:oasis:names:tc:xacml:1.0:status:ok"
}
},
"Attribute": [
{
"AttributeId":"urn:oasis:names:tc:xacml:1.0:resource:resource-id",
"Value":"\/myapp\/myresource1"
}
],
"Decision":"NotApplicable"
}
]
}