1 - Goal
This use case test verifies that:
- the ADR Consumer can request access to XDS resources, and get access according to the response of the ADR Provider.
- the ADR Provider can contact the PPQ Policy Repository of its community in order to access and interpret its policies.
2 - Prerequisite
The Policy Repository of the community must contain policies to be queried.
The ADR profile requires TLS for communication. However, to record the transaction with the Gazelle proxy, you shall disable TLS. If you cannot disable TLS, you shall save the transaction to your log.
The ADR request must also be grouped with a valid XUA assertion.
3 - Description
In this test scenario the test participants shall:
- The ADR Consumer sends an ADR Authorization Access Request (XACMLAuthzDecisionQueryRequest) grouped with an approved XUA assertion to the ADR Provider.
- The ADR Provider accesses the PPQ Policy Repository, retrieves the authorization decision, interprets the policy and sends a response to the ADR Consumer according to the stored policies.
- According to the response of the ADR Provider, the ADR Consumer shall or shall not obtain access to the requested resources.
In its request, the ADR Consumer shall specify the following information:
Subject part
- subject-id
- subject-id-qualifier
- homeCommunityId
- organization-id
Resource part (x3)
- resource-id
- epr-spid : @root @extension
- confidentiality-code : @displayName
Action part
If you need help, you can find examples here.
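A pre-submission check for the request contents listed above, added here as an example (it is not part of the test plan or of Gazelle). It assumes that each listed name is the last ':'-separated segment of the XACML AttributeId; the `urn:example:` prefix, the `Id` and `Code` elements and all values in the sample are constructed.

```python
import xml.etree.ElementTree as ET

# Names come from the test description; matching them against the last
# ':'-separated segment of AttributeId is an assumption of this example.
SUBJECT = {"subject-id": (), "subject-id-qualifier": (), "homeCommunityId": (), "organization-id": ()}
RESOURCE = {"resource-id": (), "epr-spid": ("root", "extension"), "confidentiality-code": ("displayName",)}
RESOURCE_COUNT = 3  # "Resource part (x3)"

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace

def missing(section, required):
    """List required attributes (and their XML attributes) absent from one part."""
    found = {a.get("AttributeId", "").rsplit(":", 1)[-1]: a
             for a in section if local(a.tag) == "Attribute"}
    out = []
    for name, xml_attrs in required.items():
        if name not in found:
            out.append(name)
            continue
        out += [f"{name}/@{xa}" for xa in xml_attrs if not any(d.get(xa) for d in found[name].iter())]
    return out

def check_adr_request(xml_text):
    """Return a list of problems; an empty list means every listed item is present."""
    root = ET.fromstring(xml_text)
    # Look only under the XACML <Request>, so a <Subject> inside the XUA
    # SAML assertion of a full SOAP envelope is not taken for the Subject part.
    req = next((e for e in root.iter() if local(e.tag) == "Request"), None)
    if req is None:
        return ["no Request element"]
    parts = {n: [c for c in req if local(c.tag) == n] for n in ("Subject", "Resource", "Action")}
    problems = [f"no {n} part" for n in ("Subject", "Action") if not parts[n]]
    if len(parts["Resource"]) != RESOURCE_COUNT:
        problems.append(f"expected {RESOURCE_COUNT} Resource parts, found {len(parts['Resource'])}")
    for s in parts["Subject"]:
        problems += [f"Subject: missing {m}" for m in missing(s, SUBJECT)]
    for i, r in enumerate(parts["Resource"], 1):
        problems += [f"Resource {i}: missing {m}" for m in missing(r, RESOURCE)]
    return problems

# Constructed sample request (not a real capture); one epr-spid extension per Resource.
def _attr(name, inner="x"):
    return f'<Attribute AttributeId="urn:example:{name}"><AttributeValue>{inner}</AttributeValue></Attribute>'

def sample(exts=("761", "761", "761")):
    subj = "".join(_attr(n) for n in SUBJECT)
    res = "".join("<Resource>" + _attr("resource-id") + _attr("epr-spid", f'<Id root="1.2.3" extension="{e}"/>')
                  + _attr("confidentiality-code", '<Code displayName="normal"/>') + "</Resource>" for e in exts)
    return f'<Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"><Subject>{subj}</Subject>{res}<Action/></Request>'
```

The check does not replace validation in EVSClient; it only reports which of the listed items are absent from a logged request.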
4 - Evidence
Test participants shall provide the logs of the following messages exchanged during the test:
- ADR Authorization Access Request from the ADR Consumer to ADR Provider
- The decision retrieved from the PPQ Policy Repository by the ADR Provider
- The response of the ADR Provider to the ADR Consumer
5 - Evaluation
Ideally, the Projectathon monitor can observe all queries and evaluate the response.
Additionally, the Gazelle proxy offers the opportunity to examine messages in the exchanges between Consumer and Provider.
Additionally, we expect all the messages exchanged to be validated in EVSClient.