XACML
The following represent two examples of XACML 2.0 policies.

Which single one of these statements is false:
a) An access request from Alice Samson at 14:00 on 01 January 2018 according to the first
policy, will failComputer Security Coursework, 2020/2021 Page 11
b) Purpose of the last rule in each of the two policies is to deny any requests that are not
covered by the previous permitting rules in each of the two policies
c) If the two policies above were combined into one policy set in the order they appear with a
policy-combining algorithm “first-applicable”, then the outcome of the request by Alice
Samson be at 14:00 on 01 January 2018 to access the “server.acme.co.uk/docsserver” would
be accepted when evaluated against the new policy set
d) Adding to the AND of the condition a third part with a “anyURI-equal” function applied to an
attribute “machine.alice.come” will strengthen the condition by also requiring that Alice’s
request arrives from a particular URI address equal to machine.alice.com
e) If the effects of rules “Example 2 Rule 1” and “Example 2 Rule 2” in the second policy were
changed to “Deny” and the effect of rule “Example 2 Rule 3” was changed to “Permit”, then
the outcome of the request from Alice Samson at 14:00 on 01 December 2017 would be
permitted
f) An access request from Alice Samson at 14:00 on 01 January 2018 according to the second
policy, will succeed
Explain your answer below

Transcribed Image Text:

v<Policy xmlns-"urn:oasis:names:te:xacnl:2.0:policy:schena :os" Policyld-"Example Policy 1" RuleCombiningAlgId="urn:oasis:names:te:xaenl:1.0:rule-combining-algorithm: pernit-overrides"> <Target/> v<Rule Bffect-"Permit" RuleId-"Example 1 Rule 1"> <Target> v<Subjecta v<Subject> v<SubjectMateh> <Attributevalue DataType-"http://www.w3.org/2001/XMLSchenafatring">Alice Sanaon</Attributevalue> <SubjectattributeDeaignator/> </SubjectNatch> </Subject> </Subjeata CResources> <Resource> <ResourceMatch> <Attributevalue DataType="http://www.w3.org/2001/XMLSchemafanyURI">server.acme.co.uk/docsserver</Attributevalue> <ResourceAttributeDesignator/> </Resourcelatah> </Resource> </Renources> </Target> v<Condition> veApply> v<Apply FunctionId-"urnioasisinames:teixacnl:1.0: functioniand"> VCApply FunctionId-"urnioasis:namesitc:xacnl:2.0: functionitine-in-range"> <Attributevalue Datatype-"http://www.w3.org/2001/XMLSchemaftime">12:00</Attributevalue> CAttributevalue Datatype-"http://www.w3.org/2001/XMLSchemaftine">17:00</Attributevalue> </Apply v<Apply Functionid-"urn:oasis names:te:xaenl:1.0: funetion:date-less-than-or-equal"> CAttributevalue Datatype-"http://www.w3.org/2001/XMLSchenafdate">31:12:2017</AttributeValue> </Apply> </Apply </Apply </Condition> </Rule> <Rule Effect-"Deny" Ruleld-"Example 1 Rule 2"/> </Poliey> <Poliey xmlna-"urn:oaaia:namea:te:xacnl:2.0:policy:achema:os PolicyId-"Example Policy 2" RuleCombiningAlgid="urn:oasis:names:te:xacml:1.0:rule-combining-algorithm:pernit-overrides"> veTarget> veSubjects> <Subject> <SubjectMatch> <Attributevalue DataType-"http://www.w3.org/2001/XMLSchenafatring">Alice Sanaon</Attributevalue> <SubjectattributeDesignator/> </SubjectMatch> </Subject> </Subjects> <Resources> <Resource> <ReaourceMateh> <Attributevalue Datatype-"http://www.w3.org/2001/XMLSchenafanyURI">server.acme.co.uk/docsserver</Attributevalue> <ResourceAttributeDesignator/> </ResourceMatch> </Resource> </Resources> </Target> <Rule Effect="Pernit" RuleId-"Example 2 Rule 1"> v<Condition> <Apply FunctionId="urnioasisinamesitcixacnl:2.0: functionitime-in-range"> <Attributevalue DataType="httpı//www.w3.org/2001/XMLSchemaftime">12100</Attributevalue> <Attributevalue DataType="http://www.w3.org/2001/XMLSchenaftime">17:00</Attributevalue> </Apply> </Condition> </Rule> v<Rule Effect="Permit" RuleId-"Example 2 Rule 2"> veCondition> <Apply FunctionId="urnioasisınames itoixaanlı1.01 functionidate-less-than-or-equal"> <Attributevalue DataType="hetp://www.w3.org/2001/XMLSchenafdate">31:12:2017</Attributevalue> </Apply> </Condition> </Rule <Rule Effect="Deny" RuleId-"Example 2 Rule 3"/> </Policy>