Enforcer provides the following cateogries of Oasis functions accessible from ALFA. These functions can be used as part of an expression inside a policy.
To make use of these functions from inside an ALFA file, use the import statement:
import Oasis.Functions
import Enforcer.Functions
Logical
Namespace : Oasis.Functions
AtLeastNAreTrue
function AtLeastNAreTrue = "urn:oasis:names:tc:xacml:1.0:function:n-of"
: numberToBeTrue:integer valuesToCheck:boolean* -> boolean
Will return true if a minimum number of boolean expressions evaluate to true. The first parameter is the minimum number of expressions that must be true, and the remaining parameters are boolean expressions to be considered.
Example
AtLestNAreTrue(2, Subject.AuthenticationScheme == 'Fido',
Subject.AuthenticationScheme == 'TOTP',
Subject.AuthenticationScheme == 'TextPassword');