<?xml version="1.0" encoding="UTF-8"?> | |
<!-- | |
Licensed to the Apache Software Foundation (ASF) under one or more | |
contributor license agreements. See the NOTICE file distributed with | |
this work for additional information regarding copyright ownership. | |
The ASF licenses this file to You under the Apache License, Version 2.0 | |
(the "License"); you may not use this file except in compliance with | |
the License. You may obtain a copy of the License at | |
http://www.apache.org/licenses/LICENSE-2.0 | |
Unless required by applicable law or agreed to in writing, software | |
distributed under the License is distributed on an "AS IS" BASIS, | |
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
See the License for the specific language governing permissions and | |
limitations under the License. | |
--> | |
<Policy | |
xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" | |
xmlns:xacml ="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" | |
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
xmlns:md="http://www.med.example.com/schemas/record.xsd" | |
PolicyId="urn:oasis:names:tc:xacml:3.0:example:policyid:1" | |
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides" | |
Version="1.0"> | |
<PolicyDefaults> | |
<XPathVersion>http://www.w3.org/TR/1999/REC-xpath-19991116</XPathVersion> | |
</PolicyDefaults> | |
<Target/> | |
<VariableDefinition VariableId="17590034"> | |
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> | |
<Apply | |
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> | |
<AttributeDesignator | |
MustBePresent="false" | |
Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" | |
AttributeId="urn:oasis:names:tc:xacml:3.0:example:attribute:patient-number" | |
DataType="http://www.w3.org/2001/XMLSchema#string"/> | |
</Apply> | |
<Apply | |
FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> | |
<AttributeSelector | |
MustBePresent="false" | |
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" | |
Path="md:record/md:patient/md:patient-number/text()" | |
DataType="http://www.w3.org/2001/XMLSchema#string"/> | |
</Apply> | |
</Apply> | |
</VariableDefinition> | |
<Rule | |
RuleId="urn:oasis:names:tc:xacml:3.0:example:ruleid:1" | |
Effect="Permit"> | |
<Description> | |
A person may read any medical record in the | |
http://www.med.example.com/schemas/record.xsd namespace | |
for which he or she is the designated patient | |
</Description> | |
<Target> | |
<AnyOf> | |
<AllOf> | |
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal"> | |
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI" | |
>urn:example:med:schemas:record</AttributeValue> | |
<AttributeDesignator | |
MustBePresent="false" | |
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" | |
AttributeId="urn:oasis:names:tc:xacml:2.0:resource:target-namespace" | |
DataType="http://www.w3.org/2001/XMLSchema#anyURI"/> | |
</Match> | |
<Match | |
MatchId="urn:oasis:names:tc:xacml:3.0:function:xpath-node-match"> | |
<AttributeValue | |
DataType="urn:oasis:names:tc:xacml:3.0:data-type:xpathExpression" | |
XPathCategory="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" | |
>md:record</AttributeValue> | |
<AttributeDesignator | |
MustBePresent="false" | |
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" | |
AttributeId="urn:oasis:names:tc:xacml:3.0:content-selector" | |
DataType="urn:oasis:names:tc:xacml:3.0:data-type:xpathExpression"/> | |
</Match> | |
</AllOf> | |
</AnyOf> | |
<AnyOf> | |
<AllOf> | |
<Match | |
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> | |
<AttributeValue | |
DataType="http://www.w3.org/2001/XMLSchema#string" | |
>read</AttributeValue> | |
<AttributeDesignator | |
MustBePresent="false" | |
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" | |
AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" | |
DataType="http://www.w3.org/2001/XMLSchema#string"/> | |
</Match> | |
</AllOf> | |
</AnyOf> | |
</Target> | |
<Condition> | |
<VariableReference VariableId="17590034"/> | |
</Condition> | |
</Rule> | |
</Policy> |