source: TI12-security/trunk/NDG_XACML/ndg/xacml/test/rule2.xml @ 6783

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg-security/TI12-security/trunk/NDG_XACML/ndg/xacml/test/rule2.xml@6783
Revision 6783, 5.1 KB checked in by pjkersha, 11 years ago (diff)
  • Started work on processing for <Condition> statement of <Rule>.
  • Fixed ndg1.xml so that its Condition statement correctly expresses a "user must have at least one of these roles" condition.
1<?xml version="1.0" encoding="UTF-8"?>
<!--
  XACML 2.0 test policy: the OASIS example "policy 2"
  (PolicyId urn:oasis:names:tc:xacml:2.0:example:policyid:2) holding a single
  Permit rule, kept under ndg/xacml/test for the NDG_XACML test suite.

  Notes for whoever loads this file:
  * No DOCTYPE is declared. The parser that reads policies should still disable
    DTD and external-entity resolution, and treat xsi:schemaLocation as a hint
    rather than a URL to fetch.
  * The md namespace name is "http:www.med.example.com/schemas/record.xsd"
    (no "//"), exactly as in the spec example. A namespace name is only an
    identifier, but the AttributeSelector XPath in the Condition selects nothing
    unless the request content declares this same URI.
    NOTE(review): confirm against the request documents used by the tests.
-->
2<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" 
3    xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os" 
4    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
5    xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd" 
6    xmlns:xf="http://www.w3.org/TR/2002/WD-xquery-operators-20020816/#" 
7    xmlns:md="http:www.med.example.com/schemas/record.xsd" 
8    PolicyId="urn:oasis:names:tc:xacml:2.0:example:policyid:2" 
9    RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
10
11    <PolicyDefaults>
12        <XPathVersion>http://www.w3.org/TR/1999/Rec-xpath-19991116</XPathVersion>
13    </PolicyDefaults>
14
    <!-- Empty policy-level Target: the policy applies to every request, so
         applicability is decided entirely by the Target of the Rule below. -->
15    <Target/>
16<!-- VariableDefinition is not currently implemented 29/03/10
17    <VariableDefinition VariableId="17590035">
18        <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:date-less-or-equal">
19            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:date-one-and-only">
20                <EnvironmentAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-date" DataType="http://www.w3.org/2001/XMLSchema#date"/>
21            </Apply>
22            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:date-add-yearMonthDuration">
23                <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:date-one-and-only">
24                    <AttributeSelector RequestContextPath="//xacml-context:Resource/xacml-context:ResourceContent/md:record/md:patient/md:patientDoB/text()" DataType="http://www.w3.org/2001/XMLSchema#date"/>
25                </Apply>
26                <AttributeValue DataType="http://www.w3.org/TR/2002/WD-xquery-operators-20020816#yearMonthDuration">
27                    <xf:dt-yearMonthDuration>
28                        P16Y
29                    </xf:dt-yearMonthDuration>
30                </AttributeValue>
31            </Apply>
32        </Apply>
33    </VariableDefinition>
34   -->
    <!-- Rule 2: Permit a designated parent or guardian to read a patient's record.
         The age constraint stated in the Description (patient under 16) is NOT
         enforced in this revision: the VariableDefinition above and the
         VariableReference inside the Condition are both commented out, so the rule
         permits regardless of the patient's date of birth. The Description
         therefore promises more than is evaluated. It also names a different
         namespace string (http://www.med.example.com/records.xsd) from the one the
         Target actually matches (urn:med:example:schemas:record). -->
35    <Rule RuleId="urn:oasis:names:tc:xacml:2.0:example:ruleid:2" Effect="Permit">
36        <Description>
37            A person may read any medical record in the
38            http://www.med.example.com/records.xsd namespace
39            for which he or she is the designated parent or guardian,
40            and for which the patient is under 16 years of age
41        </Description>
        <!-- Applicability: the resource target-namespace attribute must
             string-equal "urn:med:example:schemas:record", the resource xpath
             attribute from the request must node-match "/md:record", and the
             action-id must be "read".
             Two points for the PDP rather than the policy author:
             * xpath-node-match compares against an XPath expression supplied in
               the request (the resource:xpath attribute), evaluated over the
               request content, so bounding that evaluation is the PDP's job.
               NOTE(review): confirm how NDG_XACML handles it.
             * The AttributeValue literals below are written with surrounding
               newlines and indentation; string-equal is exact, so matching relies
               on the policy reader trimming the text.
               TODO confirm in the NDG_XACML policy parser. -->
42        <Target>
43            <Resources>
44                <Resource>
45                    <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
46                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
47                            urn:med:example:schemas:record
48                        </AttributeValue>
49                        <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:target-namespace" DataType="http://www.w3.org/2001/XMLSchema#string"/>
50                    </ResourceMatch>
51                    <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:xpath-node-match">
52                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
53                            /md:record
54                        </AttributeValue>
55                        <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:xpath" DataType="http://www.w3.org/2001/XMLSchema#string"/>
56                    </ResourceMatch>
57                </Resource>
58            </Resources>
59            <Actions>
60                <Action>
61                    <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
62                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
63                            read
64                        </AttributeValue>
65                        <ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string"/>
66                    </ActionMatch>
67                </Action>
68            </Actions>
69        </Target>
        <!-- Condition: the subject's parent-guardian-id attribute must string-equal
             the parentGuardianId element found in the request's resource content.
             Both operands are wrapped in string-one-and-only, so a missing or
             multiply valued attribute or node makes the rule Indeterminate instead
             of matching (the Permit is withheld rather than granted by default).
             The outer "and" currently has a single operand because the age check
             (VariableReference) is commented out. -->
70        <Condition>
71            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
72                <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
73                    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
74                        <SubjectAttributeDesignator 
75                         AttributeId="urn:oasis:names:tc:xacml:2.0:example:attribute:parent-guardian-id" 
76                         DataType="http://www.w3.org/2001/XMLSchema#string"/>
77                    </Apply>
78                    <Apply 
79                     FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
80                        <AttributeSelector 
81                         RequestContextPath="//md:record/md:parentGuardian/md:parentGuardianId/text()" 
82                         DataType="http://www.w3.org/2001/XMLSchema#string"/>
83                    </Apply>
84                </Apply>
85                <!--
86                <VariableReference VariableId="17590035"/>
87                -->
88            </Apply>
89        </Condition>
90    </Rule>
91</Policy>