There are occasional error messages originated
from Strongswan during access of the attribute
credentials, but ABAC seems to be working. It
is. Those messages are due to libstrongswan not
handling certain value of authorizedKeyIdentifier
as expected even though it really should not need
to process for it (it does not need it).

Here are sample of messages coming through the 
stderr pipe,

L6 - keyIdentifier:  length of ASN.1 object invalid or too large
L6 - authorityCertSerialNumber:  length of ASN.1 object invalid or too large

You might also see messages about authorityCertIssuer

Do report to us if your ABAC is not behaving as 
expected and messages like above seem to be a factor..