Understanding Digital Identity Management - Phil Windley's ...

loginThe policy statement that is applied to this request is much more complicated butits not hard to figure out what it does. The element indicates to whatsubjects, resources, and actions this policy applies. Rules have simple actions:permit or deny. These actions are called the “effect” of the rule. In addition, the element contains two parts, a element that is matched againstthe current security request and a element that defines a Booleanpolicy that is only true between the hours of 9am and 5pm.Reading through this example will give you an idea of what XACML policies looklike. These policies are human readable, but for the most part, they would becreated using a access control policy tool. The top-level element is the element:The element contains a element and zero or more elements. The element defines the class of subjects, resources, andactions to which the policy is applied . For example, the following element applies to any subject, and any action, on a resource identified by thestring “SampleServer”SampleServerDigital Identity Management 16 of 20 Phillip J. Windleywww.windley.com