Using Predicates In Policy Rules; Expression Support For Predicates - Netscape MANAGEMENT SYSTEM 6.0 Installation And Setup Manual

Introduction to Policy
For general guidelines on developing custom policy modules and adding them to
the CMS policy framework, take a look at the samples installed at this location:
<server_root>/cms_sdk/cms_jdk/samples/policy

Using Predicates in Policy Rules

You can use predicates in a policy rule. A predicate indicates whether the rule that
contains the predicate applies to a request. If you specify a predicate as part of the
rule configuration, the policy rule applies that predicate based on request attributes
to determine whether the rule is applicable for a request.
The policy predicate is a logical expression. You form the expression using
variables and relational operators (
predicate to put the CRL Distribution Point extension only in SSL client certificates,
or set different validity dates for certificates for users in different groups.
The following are sample predicates:
HTTP_PARAMS.certType==client AND HTTP_PARAMS.ou==Engineering
HTTP_PARAMS.certType==server AND HTTP_PARAMS.o==Netscape OR
HTTP_PARAMS.certType==ca

Expression Support for Predicates

You form an expression using an attribute, its value, and one or more of the
operators listed in Table 18-1. For a list of attributes, see "Attributes for Predicates"
on page 564.
Table 18-1 Predicates in policy: supported comparison and logical operators
Operator
==
!=
AND
OR
Note that the expression parsing support currently supports only two comparison
operators (
562 Netscape Certificate Management System Installation and Setup Guide • March 2002
Description
Equal to
Not equal to
Logical operator AND
Logical operator OR
, ) and two relational operators (
== !=
or ). For example, you could set up a
AND OR
,
AND OR
).