xacml message
Subject: [xacml] attribute designators example


An example of attribute designators without XPath. Supporting schemas are included (the schemas include only the updated types).
This example builds on my previous post on selectors and designators, and on the XML document use case submitted by Michiharu. A flat context was proposed before by Michiharu Kudo and Tim Moses.
 
Example 1: A person may read any record for which he or she is the designated patient.
See the core spec for the medical record definition.
 
<Policy PolicyId="RecordOwnerPolicy">
<Target>
        <Subjects>
            <AnySubject/>
        </Subjects>
        <Resources>
            <!-- Designator: the resource-uri attribute from the request context, matched against a pattern -->
            <Resource MatchId="function:string-match" DataType="xs:boolean">
                <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:identifiers:resource-uri"
                    DataType="xs:anyURI"/>
                <AttributeValue DataType="xs:string">//medico.com/record*</AttributeValue>
            </Resource>
        </Resources>
        <Actions>
            <Action MatchId="function:subset" DataType="xs:boolean">
                <ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:action:ufs" DataType="xs:string"/>
                <AttributeValue DataType="xs:string">read</AttributeValue>
            </Action>
        </Actions>
</Target>
<RuleSet>
<Rule RuleId="id:100">
    <Target>
        <Subjects>
            <AnySubject/>
        </Subjects>
        <Resources>
            <!-- The rule applies to any element of the medico.com record schema in ResourceContent -->
            <Resource MatchId="function:node-equal" DataType="xs:boolean">
                <ResourceAttributeDesignator AttributeId="Node" DataType="xs:string"/>
                <AttributeValue DataType="xs:string"
                    xmlns:xc="urn:oasis:names:tc:xacml:context" xmlns:m="//medico.com/records.xsd">
                    /xc:XacmlContext/xc:Request/xc:Resource/xc:ResourceContent/m:*
                </AttributeValue>
            </Resource>
        </Resources>
        <Actions>
            <AnyAction/>
        </Actions>
    </Target>
    <!-- Condition: the requesting subject's rfc822Name (designator) must equal
         the record's patientName (selector over the resource content) -->
    <Condition FunctionId="function:string-equal" DataType="xs:boolean">
        <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:identifier:rfc822Name"
            DataType="urn:oasis:names:tc:xacml:identifier:rfc822Name"
            SubjectCategory="urn:oasis:names:tc:xacml:identifier:access-subject"/>
        <AttributeSelector Format="urn:names:xpath"
            xmlns:xc="urn:oasis:names:tc:xacml:context"
            xmlns:m="//medico.com/records.xsd"
            Path="/xc:XacmlContext/xc:Request/xc:Resource/xc:ResourceContent/m:record/m:patient/m:patientName"/>
    </Condition>
</Rule>
</RuleSet>
</Policy>
 
Simon
 

Attachment: core-0.16b-proposal.xsd
Description: text/xml

Attachment: context-0.16b-proposal.xsd
Description: text/xml
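As an added illustration, not part of Simon's message or of the XACML TC's drafts, the following Python sketch evaluates the RecordOwnerPolicy above against a constructed request context, showing how the designators (named attributes pulled from a context category) and the selector (an XPath over ResourceContent) feed the condition. It assumes a simplified flat context layout with xc:Subject, xc:Resource and xc:Action children under xc:Request, resolves the selector path against the xc:XacmlContext root, treats the trailing `*` in the resource-uri match as a prefix match, reads `function:subset` as "every requested action is in the policy's action set", and takes the rule's effect to be Permit since the post does not show one. Namespaces and attribute ids are copied from the policy; everything else is assumed.

```python
"""Toy evaluation of the RecordOwnerPolicy from the post.

Assumptions (not from the original message): the flat context layout built by
make_context, prefix semantics for the '*' in string-match, subset meaning
"requested actions are a subset of the policy's set", and Effect=Permit.
"""
import xml.etree.ElementTree as ET

# Namespaces exactly as declared in the policy example
NS = {
    "xc": "urn:oasis:names:tc:xacml:context",
    "m": "//medico.com/records.xsd",
}
RFC822 = "urn:oasis:names:tc:xacml:identifier:rfc822Name"
RESOURCE_URI = "urn:oasis:names:tc:xacml:identifiers:resource-uri"
ACTION_ID = "urn:oasis:names:tc:xacml:action:ufs"

# Selector path from the policy minus the leading root step, because
# ElementTree evaluates paths relative to the element findall() is called on.
PATIENT_NAME_PATH = (
    "xc:Request/xc:Resource/xc:ResourceContent/m:record/m:patient/m:patientName"
)


def make_context(subject, resource_uri, action, patient):
    """Build a constructed request context (this layout is an assumption)."""
    return f"""<xc:XacmlContext xmlns:xc="{NS['xc']}" xmlns:m="{NS['m']}">
  <xc:Request>
    <xc:Subject>
      <xc:Attribute AttributeId="{RFC822}" DataType="{RFC822}">
        <xc:AttributeValue>{subject}</xc:AttributeValue>
      </xc:Attribute>
    </xc:Subject>
    <xc:Resource>
      <xc:Attribute AttributeId="{RESOURCE_URI}" DataType="xs:anyURI">
        <xc:AttributeValue>{resource_uri}</xc:AttributeValue>
      </xc:Attribute>
      <xc:ResourceContent>
        <m:record><m:patient><m:patientName>{patient}</m:patientName></m:patient></m:record>
      </xc:ResourceContent>
    </xc:Resource>
    <xc:Action>
      <xc:Attribute AttributeId="{ACTION_ID}" DataType="xs:string">
        <xc:AttributeValue>{action}</xc:AttributeValue>
      </xc:Attribute>
    </xc:Action>
  </xc:Request>
</xc:XacmlContext>"""


def load(context_xml):
    """Parse a context document into its xc:XacmlContext root element."""
    return ET.fromstring(context_xml)


def designator(root, category, attribute_id):
    """Attribute designator: the bag of values of one named attribute in a category."""
    for attr in root.findall(f"xc:Request/xc:{category}/xc:Attribute", NS):
        if attr.get("AttributeId") == attribute_id:
            return [v.text.strip() for v in attr.findall("xc:AttributeValue", NS)]
    return []


def selector(root, path):
    """Attribute selector: the bag of text values the XPath-like path selects."""
    return [node.text.strip() for node in root.findall(path, NS)]


def target_matches(root):
    """Policy <Target>: resource-uri string-matches //medico.com/record* and actions ⊆ {read}."""
    uris = designator(root, "Resource", RESOURCE_URI)
    actions = designator(root, "Action", ACTION_ID)
    uri_ok = any(u.startswith("//medico.com/record") for u in uris)  # '*' read as prefix (assumed)
    action_ok = bool(actions) and set(actions) <= {"read"}          # function:subset (assumed reading)
    return uri_ok and action_ok


def rule_100_condition(root):
    """<Condition>: subject rfc822Name string-equal to the record's patientName."""
    subjects = designator(root, "Subject", RFC822)
    patients = selector(root, PATIENT_NAME_PATH)
    return bool(subjects) and bool(patients) and subjects[0] == patients[0]


def evaluate(context_xml):
    """Decision for the single-rule policy: Permit, or NotApplicable when no rule fires."""
    root = load(context_xml)
    if not target_matches(root):
        return "NotApplicable"
    # Effect=Permit is an assumption; a false condition makes the rule NotApplicable
    return "Permit" if rule_100_condition(root) else "NotApplicable"


if __name__ == "__main__":
    owner = make_context("alice@medico.com", "//medico.com/record/123", "read", "alice@medico.com")
    other = make_context("bob@medico.com", "//medico.com/record/123", "read", "alice@medico.com")
    print(evaluate(owner), evaluate(other))
```

The point worth noticing is that the subject identity comes from a designator (a named attribute in the Subject category), while the patient identity comes from a selector over the resource document itself, so the policy needs no per-record attribute to be pre-computed: the record carries the data the condition compares against.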


