openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IIA003mvbPolicy.txt - incubator-retired-openaz - Git at Google

 <?xml version="1.0" encoding="UTF-8"?>
 <Policy
       xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
         access_control-xacml-2.0-policy-schema-os.xsd"
       PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA003:policy"
       RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
     <Description>
         Policy for Conformance Test IIA003.
     </Description>
     <Target/>
     <Rule
           RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA003:rule"
           Effect="Permit">
         <Description>
             A subject with a "bogus" attribute with a value of
             "Physician" can read or write Bart Simpson's medical
             record.
         </Description>
         <Target>
             <Subjects>
                 <Subject>
                     <SubjectMatch
                           MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                         <AttributeValue
                               DataType="http://www.w3.org/2001/XMLSchema#string">Physician</AttributeValue>
                         <SubjectAttributeDesignator
                     </SubjectMatch>
                 </Subject>
             </Subjects>
             <Resources>
                 <Resource>
                     <ResourceMatch
                           MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
                         <AttributeValue
                               DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
                         <ResourceAttributeDesignator
                               AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
                               DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
                     </ResourceMatch>
                 </Resource>
             </Resources>
             <Actions>
                 <Action>
                     <ActionMatch
                           MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                         <AttributeValue
                               DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
                         <ActionAttributeDesignator
                               AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                               DataType="http://www.w3.org/2001/XMLSchema#string"/>
                     </ActionMatch>
                 </Action>
                 <Action>
                     <ActionMatch
                           MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                         <AttributeValue
                               DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
                         <ActionAttributeDesignator
                               AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                               DataType="http://www.w3.org/2001/XMLSchema#string"/>
                     </ActionMatch>
                 </Action>
             </Actions>
         </Target>
     </Rule>
 </Policy>
	<?xml version="1.0" encoding="UTF-8"?>
	<Policy
	xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
	access_control-xacml-2.0-policy-schema-os.xsd"
	PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA003:policy"
	RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
	<Description>
	Policy for Conformance Test IIA003.
	</Description>
	<Target/>
	<Rule
	RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA003:rule"
	Effect="Permit">
	<Description>
	A subject with a "bogus" attribute with a value of
	"Physician" can read or write Bart Simpson's medical
	record.
	</Description>
	<Target>
	<Subjects>
	<Subject>
	<SubjectMatch
	MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
	<AttributeValue
	DataType="http://www.w3.org/2001/XMLSchema#string">Physician</AttributeValue>
	<SubjectAttributeDesignator
	</SubjectMatch>
	</Subject>
	</Subjects>
	<Resources>
	<Resource>
	<ResourceMatch
	MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
	<AttributeValue
	DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
	<ResourceAttributeDesignator
	AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
	DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
	</ResourceMatch>
	</Resource>
	</Resources>
	<Actions>
	<Action>
	<ActionMatch
	MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
	<AttributeValue
	DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
	<ActionAttributeDesignator
	AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
	DataType="http://www.w3.org/2001/XMLSchema#string"/>
	</ActionMatch>
	</Action>
	<Action>
	<ActionMatch
	MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
	<AttributeValue
	DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
	<ActionAttributeDesignator
	AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
	DataType="http://www.w3.org/2001/XMLSchema#string"/>
	</ActionMatch>
	</Action>
	</Actions>
	</Target>
	</Rule>
	</Policy>