xacml message

Subject: [xacml] Sample rule in new syntax

From: Tim Moses <tim.moses@entrust.com>
To: 'XACML' <xacml@lists.oasis-open.org>
Date: Thu, 11 Jul 2002 13:48:09 -0400

Title: Sample rule in new syntax

Colleagues - Just to give you a concrete example to look at, "rule 1" looks something like this in our new syntax. All the best. Tim.

<?xml version="1.0" encoding="UTF-8"?>
<Rule RuleId="//medico.com/rules/rule1" Effect="Permit" xmlns="urn:oasis:names:tc:xacml:0.15g:policy" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:oasis:names:tc:xacml:0.15g:policy

D:\MYDOCU~1\Standards\XACML\v15\draft-xacml-schema-policy-15g.xsd">
        <Description>A person may read any record for which he or she is the designated patient</Description>
        <Target>
                <Subjects>
                        <AttributeDesignator Designator="//xacmlContext/Request/Subject/SubjectAttribute/Attribute[@DataType='urn:oasis:names:tc:xacml:0.15g:identifier:rfc822Name']/Value" DataType="xs:anyURI"/>

                        <Attribute DataType="xs:anyURI">
                                <Value>//medico.com/record.*</Value>
                        </Attribute>
                </Resources>
                <Actions>
                        <saml:Action>read</saml:Action>
                </Actions>
        </Target>
        <Condition Name="urn:oasis:names:tc:XACML:0.15g:operators:string-equal" DataType="xs:boolean">
                <AttributeDesignator Designator="urn:oasis:names:tc:xacml:0.15g:identifier:AccessSubject" DataType="xs:string"/>

-----------------------------------------
Tim Moses
Tel: 613.270.3183