source: TI12-security/trunk/ndg_xacml/ndg/xacml/test/rule4.xml @ 7064

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/ndg_xacml/ndg/xacml/test/rule4.xml@7666
Revision 7064, 3.4 KB checked in by pjkersha, 10 years ago (diff)

Incomplete - task 2: XACML-Security Integration

  • added the "and" function and placeholders for xpath-node-* functions
  • Property svn:keywords set to Id
<?xml version="1.0" encoding="UTF-8"?>
<!--
  XACML 2.0 test policy "policyid:4": one Deny rule evaluated under the
  deny-overrides rule-combining algorithm. The policy-level Target is empty,
  so applicability is decided entirely by the Rule's own Target.

  Review notes:
  * The policy holds only a Deny rule, so on its own it never yields Permit;
    any grant has to come from another policy it is combined with.
  * xsi:schemaLocation names a remote http:// URL. Treat it as a hint only:
    validate against a locally pinned copy of the schema rather than
    fetching whatever the document points at.
  * The md prefix is bound to "http:www.med.example.com/schemas/record.xsd"
    (no "//" after the scheme). The Description cites
    http://www.med.example.com/records.xsd and the target-namespace match
    uses urn:med:example:schemas:record. These three identifiers differ.
    Presumably a namespace-aware XPath evaluation of /md:record/md:medical
    only selects nodes in the namespace bound here; TODO confirm which
    namespace the test request documents actually use.
-->
<Policy
    xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:md="http:www.med.example.com/schemas/record.xsd"
    xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
    PolicyId="urn:oasis:names:tc:xacml:2.0:example:policyid:4"
    RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
    <!-- XPath 1.0 is the dialect for XPath expressions used in this policy. -->
    <PolicyDefaults>
        <XPathVersion>http://www.w3.org/TR/1999/Rec-xpath-19991116</XPathVersion>
    </PolicyDefaults>
    <!-- Empty Target: the policy itself does not narrow the set of requests. -->
    <Target/>
    <!--
      Deny rule. Its Target needs a Subject, a Resource and an Action match.
      Inside <Resource> both ResourceMatch elements must hold; the two
      <Action> elements are alternatives (read or write).
    -->
    <Rule
        RuleId="urn:oasis:names:tc:xacml:2.0:example:ruleid:4"
        Effect="Deny">
        <Description>
            An Administrator shall not be permitted to read or write
            medical elements of a patient record in the
            http://www.med.example.com/records.xsd namespace.
        </Description>
        <Target>
            <Subjects>
                <Subject>
                    <!--
                      Holds when the subject's role attribute equals
                      "administrator". MustBePresent is not set on the
                      designator and defaults to false, so a request carrying
                      no role attribute does not match and this Deny does not
                      apply to it. Policies combined with this one should not
                      grant access on the strength of a missing role.
                    -->
                    <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">administrator</AttributeValue>
                        <SubjectAttributeDesignator
                            AttributeId="urn:oasis:names:tc:xacml:2.0:example:attribute:role"
                            DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </SubjectMatch>
                </Subject>
            </Subjects>
            <Resources>
                <Resource>
                    <!-- The resource's target-namespace must equal the URN below. -->
                    <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:med:example:schemas:record</AttributeValue>
                        <ResourceAttributeDesignator
                            AttributeId="urn:oasis:names:tc:xacml:1.0:resource:target-namespace"
                            DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </ResourceMatch>
                    <!--
                      The requested XPath must match /md:record/md:medical.
                      NOTE(review): the check-in note for this revision
                      describes the xpath-node-* functions as placeholders.
                      How the PDP treats this match at this revision is not
                      visible here; confirm that an unimplemented function
                      cannot leave the Deny silently inapplicable.
                    -->
                    <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:xpath-node-match">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/md:record/md:medical</AttributeValue>
                        <ResourceAttributeDesignator
                            AttributeId="urn:oasis:names:tc:xacml:1.0:resource:xpath"
                            DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </ResourceMatch>
                </Resource>
            </Resources>
            <!--
              Only the action-id values "read" and "write" are covered; a
              request with any other action-id falls outside this rule.
            -->
            <Actions>
                <Action>
                    <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
                        <ActionAttributeDesignator
                            AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                            DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </ActionMatch>
                </Action>
                <Action>
                    <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
                        <ActionAttributeDesignator
                            AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                            DataType="http://www.w3.org/2001/XMLSchema#string"/>
                    </ActionMatch>
                </Action>
            </Actions>
        </Target>
    </Rule>
</Policy>