Debug

[XACML] Permit and Deny Policy

For debugging purposes, it is useful to be able to force a Permit or a Deny decision at a certain point. In a programming language this is as easy as setting a boolean variable to true or false, but that is not the case in XACML (you are welcome to comment if you know otherwise). The following are two policies that I composed: a Permit policy and a Deny policy.

### Warning: do not use this in a production system. Use for debugging purposes only. ###

Permit policy

<Policy
        xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"          
        PolicyId="http://doublemomentum.com/Testing/Permit"          
        Version="1.0"          
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
    <Description>Permit Policy</Description>
    <Target/>
    <Rule RuleId="http://doublemomentum.com/Testing/Rule1" Effect="Permit">
        <Description>##### WARNING: This policy results in Permit and is for testing only #####</Description>
        <Target/>
        <Condition>
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Value</AttributeValue>
                <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Value</AttributeValue>
            </Apply>
        </Condition>
    </Rule>
</Policy>

Deny policy

<Policy
        xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"          
        PolicyId="http://doublemomentum.com/Testing/Deny"          
        Version="1.0"          
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
    <Description>Deny Policy</Description>
    <Target/>
    <!-- A rule returns its Effect only when its Condition is true, so the rule must be
         Effect="Deny" with a true Condition; a false Condition yields NotApplicable. -->
    <Rule RuleId="http://doublemomentum.com/Testing/Rule2" Effect="Deny">
        <Description>##### WARNING: This policy results in Deny and is for testing only #####</Description>
        <Target/>
        <Condition>
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Value</AttributeValue>
                <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Value</AttributeValue>
            </Apply>
        </Condition>
    </Rule>
</Policy>
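
An added sketch, not part of the original post and not a real PDP: it evaluates single-rule policies of the shape used here (empty Target, a string-equal Condition over two literal values, deny-overrides) and shows which decision each combination of Effect and Condition produces. The `sample_policy` helper, the `urn:example:*` identifiers and the sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
NS = {"x": XACML_NS}
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"

def rule_decision(rule):
    """Rule with an empty Target: true (or absent) Condition -> Effect, false -> NotApplicable."""
    apply_el = rule.find("x:Condition/x:Apply", NS)
    if apply_el is not None:
        if apply_el.get("FunctionId") != STRING_EQUAL:
            raise ValueError("this sketch only understands string-equal")
        values = [v.text for v in apply_el.findall("x:AttributeValue", NS)]
        if len(values) != 2:
            raise ValueError("string-equal takes exactly two arguments")
        if values[0] != values[1]:
            return "NotApplicable"  # a false Condition never turns into Deny
    return rule.get("Effect")

def evaluate(policy_xml):
    """deny-overrides without Indeterminate handling: Deny > Permit > NotApplicable."""
    policy = ET.fromstring(policy_xml)
    decisions = [rule_decision(r) for r in policy.findall("x:Rule", NS)]
    for decision in ("Deny", "Permit"):
        if decision in decisions:
            return decision
    return "NotApplicable"

def sample_policy(effect, left, right):
    """Constructed test input: one rule comparing two literal strings."""
    return f"""<Policy xmlns="{XACML_NS}" PolicyId="urn:example:constructed" Version="1.0"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
      <Target/>
      <Rule RuleId="urn:example:rule" Effect="{effect}">
        <Target/>
        <Condition>
          <Apply FunctionId="{STRING_EQUAL}">
            <AttributeValue DataType="{XS_STRING}">{left}</AttributeValue>
            <AttributeValue DataType="{XS_STRING}">{right}</AttributeValue>
          </Apply>
        </Condition>
      </Rule>
    </Policy>"""

if __name__ == "__main__":
    for effect in ("Permit", "Deny"):
        for right in ("Value", "Another Value"):
            print(effect, repr(right), "->", evaluate(sample_policy(effect, "Value", right)))
```

Whether a NotApplicable result ends up blocking the request depends on how the PEP is configured to treat it, so a debug policy meant to deny should produce an explicit Deny.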