source: TI12-security/trunk/NDG_XACML/ndg/xacml/test/rule2.xml @ 6751

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDG_XACML/ndg/xacml/test/rule2.xml@6751
Revision 6751, 4.9 KB checked in by pjkersha, 10 years ago (diff)

Working rule1 example parsing, working on rule2 which contains a target resource.

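<?xml version="1.0" encoding="UTF-8"?>
<!--
    XACML 2.0 test policy "rule2": a single Permit rule, combined with
    deny-overrides, that lets a parent or guardian read a medical record.

    NOTE(review): three different identifiers appear for the record vocabulary
    in this file. The md prefix below is bound to
    "http:www.med.example.com/schemas/record.xsd" (no "//" after the scheme),
    the Description names http://www.med.example.com/records.xsd, and the Target
    matches the target namespace urn:med:example:schemas:record. The md prefix is
    presumably what the XPath expressions in this policy resolve against, so
    confirm it equals the namespace used by the request context in the test.

    xsi:schemaLocation is only a hint. A consumer that validates this policy
    should use a schema copy it already trusts rather than fetching the http URL
    named here.
-->
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
        xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
        xmlns:xf="http://www.w3.org/TR/2002/WD-xquery-operators-20020816/#"
        xmlns:md="http:www.med.example.com/schemas/record.xsd"
        PolicyId="urn:oasis:names:tc:xacml:2.0:example:policyid:2"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
    <!--
        NOTE(review): the block below is disabled. It holds the policy defaults
        (XPath version), the policy level Target and the VariableDefinition with
        VariableId 17590035, which checks that the current date is not later than
        the patient's date of birth plus P16Y. The Condition in the Rule still
        references that VariableId, so as the file stands the reference has no
        definition in this document and the "under 16" limit from the Description
        is not backed by any active expression. A policy loader should reject the
        unresolved reference (or evaluation should come out Indeterminate) rather
        than drop that operand of the "and". The schema named in
        xsi:schemaLocation is also expected to require a Target child of Policy;
        verify against the schema. Restore the block before this policy is used
        as anything other than a parser fixture.
    -->
    <!--
    <PolicyDefaults>
        <XPathVersion>http://www.w3.org/TR/1999/Rec-xpath-19991116</XPathVersion>
    </PolicyDefaults>
    <Target/>
    <VariableDefinition VariableId="17590035">
        <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:date-less-or-equal">
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:date-one-and-only">
                <EnvironmentAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-date" DataType="http://www.w3.org/2001/XMLSchema#date"/>
            </Apply>
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:date-add-yearMonthDuration">
                <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:date-one-and-only">
                    <AttributeSelector RequestContextPath="//xacml-context:Resource/xacml-context:ResourceContent/md:record/md:patient/md:patientDoB/text()" DataType="http://www.w3.org/2001/XMLSchema#date"/>
                </Apply>
                <AttributeValue DataType="http://www.w3.org/TR/2002/WD-xquery-operators-20020816#yearMonthDuration">
                    <xf:dt-yearMonthDuration>
                        P16Y
                    </xf:dt-yearMonthDuration>
                </AttributeValue>
            </Apply>
        </Apply>
    </VariableDefinition>
    -->
    <Rule RuleId="urn:oasis:names:tc:xacml:2.0:example:ruleid:2" Effect="Permit">
        <Description>
            A person may read any medical record in the
            http://www.med.example.com/records.xsd namespace
            for which he or she is the designated parent or guardian,
            and for which the patient is under 16 years of age
        </Description>
        <!--
            Target: the rule applies only to requests whose resource has the
            target namespace urn:med:example:schemas:record, whose resource XPath
            matches /md:record, and whose action-id is "read".
            Literal values are written without surrounding whitespace, so that
            indentation cannot become part of the compared string on a parser
            that does not trim element text.
        -->
        <Target>
            <Resources>
                <Resource>
                    <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:med:example:schemas:record</AttributeValue>
                        <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:target-namespace" DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </ResourceMatch>
                    <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:xpath-node-match">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/md:record</AttributeValue>
                        <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:xpath" DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </ResourceMatch>
                </Resource>
            </Resources>
            <Actions>
                <Action>
                    <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
                        <ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </ActionMatch>
                </Action>
            </Actions>
        </Target>
        <!--
            Condition: both operands of "and" must hold.
            1. The subject's parent-guardian-id equals the parentGuardianId text
               selected from the record by the XPath below.
            2. Variable 17590035 (the age check) evaluates to true. Its definition
               is not active in this file; see the note above the disabled block.
        -->
        <Condition>
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
                <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
                        <!--
                            AttributeId is kept on one line. A line break inside
                            an attribute value is turned into whitespace by the
                            parser, and the resulting identifier would no longer
                            equal the attribute name supplied in requests.
                        -->
                        <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:example:attribute:parent-guardian-id" DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </Apply>
                    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
                        <AttributeSelector RequestContextPath="//md:record/md:parentGuardian/md:parentGuardianId/text()" DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </Apply>
                </Apply>
                <VariableReference VariableId="17590035"/>
            </Apply>
        </Condition>
    </Rule>
</Policy>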