OASIS eXtensible Access Control Markup Language (XACML) TC


[xacml] attribute designators example


    Posted 07-26-2002 03:47


    Subject: [xacml] attribute designators example


    Attribute designators example without XPath. Supporting schemas included (the schemas include only the updated types).
    This example builds on my previous post on selectors and designators, and the XML document use case submitted by Michiharu. Flat context was proposed before by Michiharu Kudo and Tim Moses.
     
    example 1: A person may read any record for which he or she is the designated patient.
    Look in the core spec for the medical record definition.
     
    <Policy PolicyId="RecordOwnerPolicy">
      <Target>
        <Subjects>
          <AnySubject/>
        </Subjects>
        <Resources>
          <!-- designator: the resource-uri attribute is looked up by id in the request context -->
          <Resource MatchId="function:string-match" DataType="xs:boolean">
            <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:identifiers:resource-uri"
              DataType="xs:anyURI"/>
            <AttributeValue DataType="xs:string">//medico.com/record*</AttributeValue>
          </Resource>
        </Resources>
        <Actions>
          <Action MatchId="function:subset" DataType="xs:boolean">
            <ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:action:ufs" DataType="xs:string"/>
            <AttributeValue DataType="xs:string">read</AttributeValue>
          </Action>
        </Actions>
      </Target>
      <RuleSet>
        <Rule RuleId="id:100">
          <Target>
            <Subjects>
              <AnySubject/>
            </Subjects>
            <Resources>
              <Resource MatchId="function:node-equal" DataType="xs:boolean">
                <ResourceAttributeDesignator AttributeId="Node" DataType="xs:string"/>
                <AttributeValue DataType="xs:string"
                  xmlns:xc="urn:oasis:names:tc:xacml:context" xmlns:m="//medico.com/records.xsd">
                  /xc:XacmlContext/xc:Request/xc:Resource/xc:ResourceContent/m:*
                </AttributeValue>
              </Resource>
            </Resources>
            <Actions>
              <AnyAction/>
            </Actions>
          </Target>
          <!-- condition: subject's rfc822Name (designator) must equal the record's patientName (selector, XPath into ResourceContent) -->
          <Condition FunctionId="function:string-equal" DataType="xs:boolean">
            <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:identifier:rfc822Name"
              DataType="urn:oasis:names:tc:xacml:identifier:rfc822Name"
              SubjectCategory="urn:oasis:names:tc:xacml:identifier:access-subject"/>
            <AttributeSelector Format="urn:names:xpath"
              xmlns:xc="urn:oasis:names:tc:xacml:context"
              xmlns:m="//medico.com/records.xsd"
              Path="/xc:XacmlContext/xc:Request/xc:Resource/xc:ResourceContent/m:record/m:patient/m:patientName"/>
          </Condition>
        </Rule>
      </RuleSet>
    </Policy>
     
    Simon
     

    Attachment: core-0.16b-proposal.xsd
    Description: text/xml

    Attachment: context-0.16b-proposal.xsd
    Description: text/xml




