I would like to fixe the differences between target and condition in XACML language and when should I use target or condition.
Asked
Active
Viewed 696 times
1 Answers
4
Target and condition both allows you to define if a rule will evaluate to permit, deny, not applicable or indeterminate.
Condition can only be contained in rules and, compared to target, they allow comparison between dynamic attributes.
Target can be contained in PolicySets, Policy or Rules and can only compare an attribute to a static value. In PolicySet and Policy, they allow quick decision if the evaluation should go down the tree.
For more information check out this blog post.
Here is a video that might help you understand better the nesting (look at the inspector in the upper right when structural elements are edited) https://www.youtube.com/watch?v=SZ73VnNaazs
David Brossard
- 13,584
- 6
- 55
- 88
Thierry Plesnar
- 41
- 4