source: TI12-security/trunk/ndg_xacml/ndg/xacml/test/rule2.xml @ 7064

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/ndg_xacml/ndg/xacml/test/rule2.xml@7666
Revision 7064, 4.9 KB checked in by pjkersha, 10 years ago (diff)

Incomplete - task 2: XACML-Security Integration

  • added the `and` function and placeholders for xpath-node-* functions
  • Property svn:keywords set to Id
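<?xml version="1.0" encoding="UTF-8"?>
<!--
  Test fixture: XACML 2.0 example policy 2, holding the spec's example rule 2
  (a parent or guardian may read a patient's medical record).

  NOTE(review): xsi:schemaLocation below is a hint only. A PDP loading this
  policy should validate it against a local copy of the XACML 2.0 policy
  schema with DTD and external-entity resolution disabled, never by fetching
  the URL given in the attribute.
-->
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
    xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
    xmlns:xf="http://www.w3.org/TR/2002/WD-xquery-operators-20020816/#"
    xmlns:md="http:www.med.example.com/schemas/record.xsd"
    PolicyId="urn:oasis:names:tc:xacml:2.0:example:policyid:2"
    RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
    <!--
      NOTE(review): the md namespace URI above has no "//" after "http:" and
      differs from the records.xsd URI quoted in the Rule Description. It is a
      namespace identifier, not a fetch target, so it is left unchanged: it
      must match the md binding used by the request-context fixtures (not
      visible in this file) - confirm against those before altering it.
    -->

    <PolicyDefaults>
        <XPathVersion>http://www.w3.org/TR/1999/Rec-xpath-19991116</XPathVersion>
    </PolicyDefaults>

    <!-- Empty policy-level Target: the policy applies to every request;
         applicability is decided by the Rule Target below. -->
    <Target/>
<!-- VariableDefinition is not currently implemented 29/03/10
    <VariableDefinition VariableId="17590035">
        <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:date-less-or-equal">
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:date-one-and-only">
                <EnvironmentAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-date" DataType="http://www.w3.org/2001/XMLSchema#date"/>
            </Apply>
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:date-add-yearMonthDuration">
                <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:date-one-and-only">
                    <AttributeSelector RequestContextPath="//xacml-context:Resource/xacml-context:ResourceContent/md:record/md:patient/md:patientDoB/text()" DataType="http://www.w3.org/2001/XMLSchema#date"/>
                </Apply>
                <AttributeValue DataType="http://www.w3.org/TR/2002/WD-xquery-operators-20020816#yearMonthDuration">
                    <xf:dt-yearMonthDuration>
                        P16Y
                    </xf:dt-yearMonthDuration>
                </AttributeValue>
            </Apply>
        </Apply>
    </VariableDefinition>
   -->
    <!--
      NOTE(review): while the VariableDefinition above and the
      VariableReference inside the Condition stay commented out, the
      "under 16 years of age" check stated in the Description is NOT
      enforced. The Condition only checks the parent/guardian identity, so a
      matching parent or guardian is permitted to read the record of a
      patient of any age. Keep this in mind when using the fixture to assert
      Permit/Deny outcomes.
    -->
    <Rule RuleId="urn:oasis:names:tc:xacml:2.0:example:ruleid:2" Effect="Permit">
        <Description>
            A person may read any medical record in the
            http://www.med.example.com/records.xsd namespace
            for which he or she is the designated parent or guardian,
            and for which the patient is under 16 years of age
        </Description>
        <Target>
            <Resources>
                <Resource>
                    <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:med:example:schemas:record</AttributeValue>
                        <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:target-namespace" DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </ResourceMatch>
                    <!-- NOTE(review): xpath-node-match is only a placeholder in
                         this revision (per the commit log), so until it is
                         implemented this match may not constrain the target
                         as intended - confirm. -->
                    <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:xpath-node-match">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/md:record</AttributeValue>
                        <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:xpath" DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </ResourceMatch>
                </Resource>
            </Resources>
            <Actions>
                <Action>
                    <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
                        <ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </ActionMatch>
                </Action>
            </Actions>
        </Target>
        <Condition>
            <!-- "and" currently has a single operand (the guardian-id check);
                 the second operand, the age check, is commented out below. -->
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
                <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
                        <SubjectAttributeDesignator
                         AttributeId="urn:oasis:names:tc:xacml:2.0:example:attribute:parent-guardian-id"
                         DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </Apply>
                    <Apply
                     FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
                        <!-- NOTE(review): the leading "//" selects md:record
                             anywhere in the request context, not only under
                             ResourceContent. Anchoring the path under
                             //xacml-context:Resource/xacml-context:ResourceContent
                             (the form used in the VariableDefinition above)
                             would tie the guardian id to the resource content
                             alone - confirm against the request fixtures before
                             changing it. -->
                        <AttributeSelector
                         RequestContextPath="//md:record/md:parentGuardian/md:parentGuardianId/text()"
                         DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </Apply>
                </Apply>
                <!--
                <VariableReference VariableId="17590035"/>
                -->
            </Apply>
        </Condition>
    </Rule>
</Policy>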