Google Git
Sign in
apache / incubator-retired-openaz / 94fcdd909415aec1d5f93a54cff29418dafb650e / . / openaz-xacml-test / testsets / conformance / xacml3.0-ct-v.0.4 / IIIA318Policy.xml
blob: 63add1d1da47bb884565cf0f64993c213393d857 [file] [log] [blame]
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-overrides" PolicySetId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policyset" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
<Description>
PolicySet for Conformance Test IIIA018.
Purpose: test Advices on Policies, Case: Deny: PolicyCombiningAlgorithm PermitOverrides
</Description>
<Target/>
<Policy PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides" Version="1.0">
<Description>
Policy1 for Conformance Test IIIA018.
</Description>
<Target/>
<Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:rule1">
<Description>
A subject whose name is J. Hibbert may not
read Bart Simpson's medical record. NOTAPPLICABLE
</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">J. Hibbert</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
</AllOf>
</AnyOf>
</Target>
</Rule>
<AdviceExpressions>
<AdviceExpression AppliesTo="Permit" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy1:Advice-1">
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy1:assignment1">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy1:assignment2">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
</AttributeAssignmentExpression>
</AdviceExpression>
<AdviceExpression AppliesTo="Permit" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy1:Advice-2">
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy1:assignment1">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy1:assignment2">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
</AttributeAssignmentExpression>
</AdviceExpression>
<AdviceExpression AppliesTo="Deny" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy1:Advice-3">
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy1:assignment1">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy1:assignment2">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
</AttributeAssignmentExpression>
</AdviceExpression>
<AdviceExpression AppliesTo="Deny" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy1:Advice-4">
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy1:assignment1">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy1:assignment2">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
</AttributeAssignmentExpression>
</AdviceExpression>
</AdviceExpressions>
</Policy>
<Policy PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy2" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides" Version="1.0">
<Description>
Policy2 for Conformance Test IIIA018.
</Description>
<Target/>
<Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:rule2">
<Description>
A subject who is at least 100 years older than Bart
Simpson may perform any action on any resource.
record. NOT APPLICABLE.
</Description>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
</Apply>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
</Apply>
</Apply>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">100</AttributeValue>
</Apply>
</Condition>
</Rule>
<AdviceExpressions>
<AdviceExpression AppliesTo="Permit" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy2:Advice-1">
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy2:assignment1">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy2:assignment2">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
</AttributeAssignmentExpression>
</AdviceExpression>
<AdviceExpression AppliesTo="Permit" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy2:Advice-2">
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy2:assignment1">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy2:assignment2">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
</AttributeAssignmentExpression>
</AdviceExpression>
<AdviceExpression AppliesTo="Deny" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy2:Advice-3">
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy2:assignment1">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy2:assignment2">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
</AttributeAssignmentExpression>
</AdviceExpression>
<AdviceExpression AppliesTo="Deny" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy2:Advice-4">
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy2:assignment1">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy2:assignment2">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
</AttributeAssignmentExpression>
</AdviceExpression>
</AdviceExpressions>
</Policy>
<Policy PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy4" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides" Version="1.0">
<Description>
Policy4 for Conformance Test IIIA018.
</Description>
<Target/>
<Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:rule4">
<Description>
A subject whose name is Julius Hibbert may not
perform any action on any resource. DENY.
</Description>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Apply>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
</Apply>
</Condition>
</Rule>
<AdviceExpressions>
<AdviceExpression AppliesTo="Permit" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy3:Advice-1">
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy3:assignment1">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy3:assignment2">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
</AttributeAssignmentExpression>
</AdviceExpression>
<AdviceExpression AppliesTo="Permit" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy3:Advice-2">
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy3:assignment1">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy3:assignment2">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
</AttributeAssignmentExpression>
</AdviceExpression>
<AdviceExpression AppliesTo="Deny" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy3:Advice-3">
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy3:assignment1">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy3:assignment2">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
</AttributeAssignmentExpression>
</AdviceExpression>
<AdviceExpression AppliesTo="Deny" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy3:Advice-4">
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy3:assignment1">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policy3:assignment2">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
</AttributeAssignmentExpression>
</AdviceExpression>
</AdviceExpressions>
</Policy>
<AdviceExpressions>
<AdviceExpression AppliesTo="Permit" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policyset:Advice-1">
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policyset:assignment1">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policyset:assignment2">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
</AttributeAssignmentExpression>
</AdviceExpression>
<AdviceExpression AppliesTo="Permit" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policyset:Advice-2">
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policyset:assignment1">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policyset:assignment2">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
</AttributeAssignmentExpression>
</AdviceExpression>
<AdviceExpression AppliesTo="Deny" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policyset:Advice-3">
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policyset:assignment1">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policyset:assignment2">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
</AttributeAssignmentExpression>
</AdviceExpression>
<AdviceExpression AppliesTo="Deny" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policyset:Advice-4">
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policyset:assignment1">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
</AttributeAssignmentExpression>
<AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIIA018:policyset:assignment2">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
</AttributeAssignmentExpression>
</AdviceExpression>
</AdviceExpressions>
</PolicySet>