Reputation: 17671
I want to write a target clause that says "If a certain attribute is set (oneAndOnly), then the policy applies". I have seen the [mustbepresent] thing, however, it always requires a comparator (like ==).
This was my approach, but the syntax checker complains...
policy reportPolicies {
target clause stringBagSize(my.company.person.doctor.id)==1
}
I've seen you defining a string attribute "resourceType" but I don't like to define such a meta attribute. I'd rather like to check for existence of certain attributes.
Upvotes: 1
Views: 95
Reputation: 13832
Again, great questions. Yes I often use an artificial attribute e.g. resourceType and compare it to values e.g. medical record or transaction. You do not have to do that because the attribute identifiers themselves convey the fact that you are dealing with one or another. However, I do think that it helps the policy be more readable.
On to the other issue: how to make sure an attribute has at least one value. In a Target element you can use the mustBePresent tag but I do not like it. If the attribute has no value, then the PDP returns Indeterminate and it short-circuits evaluation.
An alternative is to compare an attribute using > (greater than). For instance:
clause user.role > ""
clause user.age>0
That will force the value to be defined.
The cleaner way to do this, though, is to use bag functions inside a condition. For instance
condition stringBagSize(user.role)>0 // True if the user has at least one role
Upvotes: 1
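The three approaches from the answer above, compared in a simplified Python model of the evaluation (an added example, not code from either poster and not a real PDP). The helper names, the single permit rule and the sample requests are assumptions made for illustration; only the attribute id comes from the question.

```python
from enum import Enum

DOCTOR_ID = "my.company.person.doctor.id"  # attribute id from the question

class Decision(Enum):
    PERMIT = "Permit"
    NOT_APPLICABLE = "NotApplicable"
    INDETERMINATE = "Indeterminate"

class MissingAttribute(Exception):
    """A designator marked mustBePresent found an empty bag."""

def bag(request, attr_id, must_be_present=False):
    # An absent attribute is an empty bag unless mustBePresent is set.
    values = list(request.get(attr_id, []))
    if must_be_present and not values:
        raise MissingAttribute(attr_id)
    return values

def evaluate(request, target, condition=lambda r: True):
    # Single permit rule: the target must match and the condition must hold.
    try:
        if target(request) and condition(request):
            return Decision.PERMIT
        return Decision.NOT_APPLICABLE
    except MissingAttribute:
        return Decision.INDETERMINATE

def decisions(request):
    # 1. target clause with mustBePresent and a comparator
    must_present = evaluate(
        request, lambda r: any(v > "" for v in bag(r, DOCTOR_ID, True)))
    # 2. target clause attr > "" without mustBePresent
    comparator = evaluate(
        request, lambda r: any(v > "" for v in bag(r, DOCTOR_ID)))
    # 3. condition stringBagSize(attr) == 1
    bag_size = evaluate(
        request, lambda r: True, lambda r: len(bag(r, DOCTOR_ID)) == 1)
    return must_present.value, comparator.value, bag_size.value

# Constructed requests: one doctor id, none, and two.
SAMPLES = {"one": {DOCTOR_ID: ["D-17"]}, "none": {},
           "two": {DOCTOR_ID: ["D-17", "D-42"]}}

if __name__ == "__main__":
    for name, request in SAMPLES.items():
        print(name, decisions(request))
```

With two doctor ids, both target-clause variants still permit, while the bag-size condition is the only one that enforces "one and only".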