    Posted 07-26-2002
    Attribute designators without xpath example. Supporting schemas included (Schemas include only updated types).
    This example builds on my previous post on selectors and designators, and the XML document use case submitted by Michiharu. Flat context was proposed before by Michiharu Kudo and Tim Moses.
    Example 1: A person may read any record for which he or she is the designated patient.
    Look in the core spec for the medical record definition.
    <Policy PolicyId="RecordOwnerPolicy">
                <Resource MatchId="function:string-match" DataType="xs:boolean">
                    <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:identifiers:resource-uri"
                    <AttributeValue DataType="xs:string">//medico.com/record*</AttributeValue>
                <Action MatchId="function:subset" DataType="xs:boolean">
                    <ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:action:ufs" DataType="xs:string"/>
                    <AttributeValue DataType="xs:string">read</AttributeValue>
    <Rule RuleId="id:100">
                <Resource MatchId="function:node-equal" DataType="xs:boolean">
                    <ResourceAttributeDesignator AttributeId="Node" DataType="xs:string"/>
                    <AttributeValue DataType="xs:string"
                        xmlns:xc="urn:oasis:names:tc:xacml:context" xmlns:m="//medico.com/records.xsd">
        <Condition FunctionId="function:string-equal" DataType="xs:boolean">
            <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:identifier:rfc822Name"
            <AttributeSelector Format="urn:names:xpath"
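
The rule in example 1, evaluated over a constructed request, as an added example that is not part of the original post. The record element names, the selector path `m:patient/m:email`, glob semantics for `function:string-match` and single-valued action matching are assumptions, because the posted policy is cut off before its XPath.

```python
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Constructed sample record; element names are assumptions, not the core spec's schema.
RECORD = """<record xmlns="//medico.com/records.xsd">
  <patient><email>bart@example.com</email></patient>
</record>"""

NS = {"m": "//medico.com/records.xsd"}   # namespace URI as declared in the post
PATIENT_PATH = "m:patient/m:email"       # assumed selector path (the post's XPath is truncated)
RESOURCE_PATTERN = "//medico.com/record*"  # AttributeValue from the policy target


def evaluate(subject_rfc822, resource_uri, action, record_xml):
    """Return an XACML-style decision for the RecordOwnerPolicy rule."""
    # Target: resource URI must match the pattern. The trailing '*' matches any
    # suffix, so every URI sharing this prefix falls under the policy.
    if not fnmatchcase(resource_uri, RESOURCE_PATTERN):
        return "NotApplicable"
    # Target: action must be "read" (simplified to a single-value comparison).
    if action != "read":
        return "NotApplicable"
    # Condition inputs: a missing subject attribute cannot be compared.
    if not subject_rfc822:
        return "Indeterminate"
    try:
        root = ET.fromstring(record_xml)
    except ET.ParseError:
        return "Indeterminate"
    nodes = root.findall(PATIENT_PATH, NS)
    # The selector must yield exactly one non-empty value; anything else is
    # treated as an evaluation error rather than as "no match".
    if len(nodes) != 1 or not (nodes[0].text or "").strip():
        return "Indeterminate"
    # Condition: string-equal is an exact, case-sensitive comparison.
    if nodes[0].text.strip() == subject_rfc822:
        return "Permit"
    return "NotApplicable"


if __name__ == "__main__":
    print(evaluate("bart@example.com", "//medico.com/record/17", "read", RECORD))
    print(evaluate("lisa@example.com", "//medico.com/record/17", "read", RECORD))
```

A caller that enforces this rule has to treat both `NotApplicable` and `Indeterminate` as "no access granted", otherwise a record with a missing patient element would be readable by anyone.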

