[jboss-cvs] JBossAS SVN: r71532 - in projects/security/security-xacml/trunk/jboss-xacml/src/tests: resources/test/policies/rsaconf and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Mar 31 18:35:38 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-03-31 18:35:37 -0400 (Mon, 31 Mar 2008)
New Revision: 71532
Added:
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02d-prog-note.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-2e-MA.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-01.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-02.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-03.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-01.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-02.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-03.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-01.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-02.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-03.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-05-01.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-05-02.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/patient_search.xml
Modified:
projects/security/security-xacml/trunk/jboss-xacml/src/tests/java/org/jboss/test/security/xacml/interop/rsaconf/PhysicianUnitTestCase.java
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02a-CDA.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02b-N.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml
Log:
interop test iteration
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/java/org/jboss/test/security/xacml/interop/rsaconf/PhysicianUnitTestCase.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/java/org/jboss/test/security/xacml/interop/rsaconf/PhysicianUnitTestCase.java 2008-03-31 22:30:53 UTC (rev 71531)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/java/org/jboss/test/security/xacml/interop/rsaconf/PhysicianUnitTestCase.java 2008-03-31 22:35:37 UTC (rev 71532)
@@ -40,6 +40,151 @@
*/
public class PhysicianUnitTestCase extends TestCase
{
+ public void testRequest01_01() throws Exception
+ {
+ /**
+ <!-- **************************************************************** -->
+ <!-- Test case 1-01: Should be Perm: Dr A has all reqd perms -->
+ <!-- **************************************************************** -->
+ **/
+
+ System.setProperty("debug","true");
+ int decision = XACMLTestUtil.getDecision(getPDP(),
+ "test/requests/interop/rsaconf08/XacmlRequest-01-01.xml");
+ assertEquals("PERMIT?", XACMLConstants.DECISION_PERMIT,decision);
+ }
+
+ public void testRequest01_02() throws Exception
+ {
+ /**
+ <!-- **************************************************************** -->
+ <!-- Test case 1-02: Should be Deny: Dr A missing 2 reqd perms -->
+ <!-- **************************************************************** -->
+ */
+ System.setProperty("debug","true");
+ int decision = XACMLTestUtil.getDecision(getPDP(),
+ "test/requests/interop/rsaconf08/XacmlRequest-01-02.xml");
+ assertEquals("DENY?", XACMLConstants.DECISION_DENY,decision);
+ }
+
+ public void testRequest01_03() throws Exception
+ {
+ /**
+ <!-- **************************************************************** -->
+ <!-- Test case 1-03: Should be Perm: Dr A has all reqd perms +2 extra -->
+ <!-- **************************************************************** -->
+ */
+ System.setProperty("debug","true");
+ int decision = XACMLTestUtil.getDecision(getPDP(),
+ "test/requests/interop/rsaconf08/XacmlRequest-01-03.xml");
+ assertEquals("PERMIT?", XACMLConstants.DECISION_PERMIT,decision);
+ }
+
+ public void testRequest02_01() throws Exception
+ {
+ /**
+ <!-- **************************************************************** -->
+ <!-- Test case 2-01: Should be Deny: provides role but needs perms -->
+ <!-- **************************************************************** -->
+ */
+ System.setProperty("debug","true");
+ int decision = XACMLTestUtil.getDecision(getPDP(),
+ "test/requests/interop/rsaconf08/XacmlRequest-02-01.xml");
+ assertEquals("DENY?", XACMLConstants.DECISION_DENY,decision);
+ }
+
+ public void testRequest02_02() throws Exception
+ {
+ /**
+ <!-- **************************************************************** -->
+ <!-- Test case 2-02: Should be Deny: Dr A is on dissented list -->
+ <!-- **************************************************************** -->
+ */
+ System.setProperty("debug","true");
+ int decision = XACMLTestUtil.getDecision(getPDP(),
+ "test/requests/interop/rsaconf08/XacmlRequest-02-02.xml");
+ assertEquals("DENY?", XACMLConstants.DECISION_DENY,decision);
+ }
+
+ public void testRequest02_03() throws Exception
+ {
+ /**
+ <!-- **************************************************************** -->
+ <!-- Test case 2-03: Should be Perm: Dr A is not on dissented list -->
+ <!-- **************************************************************** -->
+ */
+ System.setProperty("debug","true");
+ int decision = XACMLTestUtil.getDecision(getPDP(),
+ "test/requests/interop/rsaconf08/XacmlRequest-02-03.xml");
+ assertEquals("PERMIT?", XACMLConstants.DECISION_PERMIT,decision);
+ }
+
+ public void testRequest03_01() throws Exception
+ {
+ /**
+ <!-- **************************************************************** -->
+ <!-- Test case 3-01: Should be Deny: signed = Fals, Dr. A not author -->
+ <!-- **************************************************************** -->
+ */
+ System.setProperty("debug","true");
+ int decision = XACMLTestUtil.getDecision(getPDP(),
+ "test/requests/interop/rsaconf08/XacmlRequest-03-01.xml");
+ assertEquals("DENY?", XACMLConstants.DECISION_DENY,decision);
+ }
+
+ public void testRequest03_02() throws Exception
+ {
+ /**
+ <!-- **************************************************************** -->
+ <!-- Test case 3-02: Should be Permit: sign = True, Dr. A not author -->
+ <!-- **************************************************************** -->
+ */
+ System.setProperty("debug","true");
+ int decision = XACMLTestUtil.getDecision(getPDP(),
+ "test/requests/interop/rsaconf08/XacmlRequest-03-02.xml");
+ assertEquals("PERMIT?", XACMLConstants.DECISION_PERMIT,decision);
+ }
+
+ public void testRequest03_03() throws Exception
+ {
+ /**
+ *
+ !-- **************************************************************** -->
+ <!-- Test case 3-03: Should be Perm: signed = Fals, Dr. A is author -->
+ <!-- **************************************************************** -->
+ */
+ System.setProperty("debug","true");
+ int decision = XACMLTestUtil.getDecision(getPDP(),
+ "test/requests/interop/rsaconf08/XacmlRequest-03-03.xml");
+ assertEquals("PERMIT?", XACMLConstants.DECISION_PERMIT,decision);
+ }
+
+ public void testRequest05_01() throws Exception
+ {
+ /**
+ * **************************************************************** -->
+ <!-- Test case 5-01: Should be Perm + Obl: Dr A is on dissented list -->
+ <!-- **************************************************************** -->
+ */
+ System.setProperty("debug","true");
+ int decision = XACMLTestUtil.getDecision(getPDP(),
+ "test/requests/interop/rsaconf08/XacmlRequest-05-01.xml");
+ assertEquals("PERMIT?", XACMLConstants.DECISION_PERMIT,decision);
+ }
+
+ public void testRequest05_02() throws Exception
+ {
+ /**
+ * <!-- **************************************************************** -->
+ <!-- Test case 5-02: Should be Perm: no obl; Dr A not on dis-list -->
+ <!-- **************************************************************** -->
+ */
+ System.setProperty("debug","true");
+ int decision = XACMLTestUtil.getDecision(getPDP(),
+ "test/requests/interop/rsaconf08/XacmlRequest-05-02.xml");
+ assertEquals("PERMIT?", XACMLConstants.DECISION_PERMIT,decision);
+ }
+
public void testNConfidentialityCode() throws Exception
{
System.setProperty("debug","true");
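Review bot: testRequest05_01 and testRequest05_02 assert only the decision code, so the obligation that their comments say distinguishes them ("Perm + Obl" versus "Perm: no obl") is never checked; a PDP that drops the obligation would pass both. `XACMLTestUtil.getDecision` is used as an `int` here, so checking obligations needs a helper that exposes the response's obligations, and none is visible in this diff. Separately, every added test calls `System.setProperty("debug","true")` and never restores it; moving it into `setUp()` with `System.clearProperty("debug")` in `tearDown()` keeps the JVM-wide flag from leaking into other test classes. The block comments in testRequest03_03 and testRequest05_01 have also lost their opening `<!--`.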
@@ -56,6 +201,14 @@
assertEquals("DENY?", XACMLConstants.DECISION_DENY,decision);
}
+ public void testPatientSearch() throws Exception
+ {
+ System.setProperty("debug","true");
+ int decision = XACMLTestUtil.getDecision(getPDP(),
+ "test/requests/interop/rsaconf08/patient_search.xml");
+ assertEquals("PERMIT?", XACMLConstants.DECISION_PERMIT,decision);
+ }
+
private PolicyDecisionPoint getPDP()
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
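Review bot: getPDP() starts on the last lines of this hunk and the commit does not change it, so confirm that it picks up the two added policy files (XacmlPolicySet-02d-prog-note.xml and XacmlPolicySet-2e-MA.xml). The top-level policy set now references both, and an unresolved `PolicySetIdReference` would presumably not produce the Permit/Deny values asserted above. testPatientSearch also has no comment on why patient_search.xml is expected to be permitted, unlike the rsaconf08 cases; something like `// expected PERMIT via <policy set id>` naming the policy set that grants it would record the intent.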
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml 2008-03-31 22:30:53 UTC (rev 71531)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -4,7 +4,7 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
- PolicySetId="urn:xacml:2.0:interop:example:policysetid:toplevel"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Description>
@@ -12,7 +12,7 @@
</Description>
<Target/>
<PolicySet
- PolicySetId="urn:xacml:2.0:interop:example:policysetid:toplevel:CDA"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:CDA"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Target>
@@ -25,10 +25,21 @@
>UBA</AttributeValue>
<ResourceAttributeDesignator
AttributeId=
- "urn:xacml:2.0:interop:example:resource:hl7:confidentiality-code"
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</ResourceMatch>
</Resource>
+ </Resources>
+ </Target>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:CDA</PolicySetIdReference>
+ </PolicySet>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:MA"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
+ <Target>
+ <Resources>
<Resource>
<ResourceMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
@@ -37,24 +48,60 @@
>MA</AttributeValue>
<ResourceAttributeDesignator
AttributeId=
- "urn:xacml:2.0:interop:example:resource:hl7:confidentiality-code"
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</ResourceMatch>
</Resource>
</Resources>
</Target>
<PolicySetIdReference
- >urn:xacml:2.0:interop:example:policysetid:CDA</PolicySetIdReference>
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:MA</PolicySetIdReference>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:MA:default-to-permit"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:MA"
+ Effect="Permit">
+ <Description>
+ If a Deny was obtained for object above then set Permit by default.
+ </Description>
+ </Rule>
+ </Policy>
</PolicySet>
<PolicySet
- PolicySetId="urn:xacml:2.0:interop:example:policysetid:toplevel:N"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:bus-rule"
PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:progress-note</PolicySetIdReference>
+ </PolicySet>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:N"
+ PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
<Target>
</Target>
<PolicySetIdReference
- >urn:xacml:2.0:interop:example:policysetid:N</PolicySetIdReference>
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N</PolicySetIdReference>
<PolicySetIdReference
- >urn:xacml:2.0:interop:example:policysetid:N:PermCollections</PolicySetIdReference>
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N:PermCollections</PolicySetIdReference>
</PolicySet>
</PolicySet>
\ No newline at end of file
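Review bot: The new `toplevel:MA` set combines the referenced MA policy set with an unconditional Permit policy (`policyid:MA:default-to-permit`, empty `<Target/>`, rule with no condition) under permit-overrides, so for resources with confidentiality code MA this set can never return Deny, whatever the MA policy set decides. Under XACML 2.0 obligation handling, obligations are passed up only when their `FulfillOn` matches the decision of the enclosing set, so any `FulfillOn="Deny"` obligation inside the MA set would be dropped once the result becomes Permit. XacmlPolicySet-2e-MA.xml is not shown in this part of the diff, so this needs checking against that file. If always-permit is intended, the rule's `<Description>` should say so, e.g. `Intentionally unconditional: MA records are always permitted; the referenced MA policy set contributes obligations only.` The enclosing top-level PolicySet opens outside this hunk.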
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02a-CDA.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02a-CDA.xml 2008-03-31 22:30:53 UTC (rev 71531)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02a-CDA.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -4,27 +4,30 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
- PolicySetId="urn:xacml:2.0:interop:example:policysetid:CDA"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:CDA"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Description>
- Policy set for the CDA confidentiality code.
+ Policy set for the UBA confidentiality code.
</Description>
<Target/>
<Policy
- PolicyId="urn:oasis:names:tc:xacml:interop:policyid:CDA"
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:CDA"
RuleCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
<Target/>
<Rule
- RuleId="urn:oasis:names:tc:xacml:interop:rule:CDA:1"
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:CDA:1"
Effect="Permit">
<Description>
- If the access subject is one of those users which have been
- given consent to, then permit.
+ If the access subject is NOT one of those users which consent has
+ been removed, then permit.
</Description>
<Target/>
<Condition>
+ <!-- True if hl7:dissented-subject-id NOT EQUAL TO subject:subject-id -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <!-- True if hl7:dissented-subject-id EQUAL TO subject:subject-id -->
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
<Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
@@ -34,17 +37,26 @@
</Apply>
<ResourceAttributeDesignator
AttributeId=
- "urn:oasis:names:tc:xacml:interop:resource:consented-subject-id"
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</Apply>
+ </Apply>
</Condition>
</Rule>
<Rule
- RuleId="urn:oasis:names:tc:xacml:interop:rule:CDA:2"
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:CDA:2"
Effect="Deny">
<Description>
- Deny by default.
+ If a Permit was not obtained above then set Deny by default.
</Description>
</Rule>
+ <Obligations>
+ <!-- These obligations provide specific instructions to PEP in the response -->
+ <!-- This obligation instructs the PEP to apply privacy constraints to -->
+ <!-- user's responsibility for the data. -->
+ <Obligation
+ ObligationId="urn:va:xacml:2.0:interop:rsa8:obligation:privacy:constraint"
+ FulfillOn="Deny"/>
+ </Obligations>
</Policy>
-</PolicySet>
+</PolicySet>
\ No newline at end of file
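Review bot: With the condition now wrapped in `function:not` (previous hunk), a request that carries no `hl7:dissented-subject-id` value gives `any-of` an empty bag, which evaluates to false, so rule CDA:1 permits. The check therefore fails open when the PEP or attribute source omits the attribute, whereas the old consented-list form denied in that case. The `ResourceAttributeDesignator` in this hunk sets no `MustBePresent`; adding `MustBePresent="true"` would turn a missing attribute into Indeterminate instead of Permit, at the cost of requiring every request evaluated by this policy to carry the attribute. If open-by-default is the intended consent model, a comment on the designator such as `<!-- absent dissent list means no dissent: permit -->` would record that. The new `FulfillOn="Deny"` obligation is only observable to callers that inspect obligations, which the Java tests in this commit do not.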
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02b-N.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02b-N.xml 2008-03-31 22:30:53 UTC (rev 71531)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02b-N.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -4,7 +4,7 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
- PolicySetId="urn:xacml:2.0:interop:example:policysetid:N"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Description>
@@ -14,7 +14,7 @@
</Description>
<Target/>
<PolicySet
- PolicySetId="urn:xacml:2.0:interop:example:policysetid:N:RPS:physician"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:physician"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Target>
@@ -24,7 +24,7 @@
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:xacml:2.0:interop:example:role:hl7:physician</AttributeValue>
+ >urn:va:xacml:2.0:interop:rsa8:role:hl7:physician</AttributeValue>
<SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
@@ -33,6 +33,6 @@
</Subjects>
</Target>
<PolicySetIdReference
- >urn:xacml:2.0:interop:example:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
</PolicySet>
</PolicySet>
\ No newline at end of file
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml 2008-03-31 22:30:53 UTC (rev 71531)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -4,7 +4,7 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
- PolicySetId="urn:xacml:2.0:interop:example:policysetid:N:PermCollections"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:PermCollections"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Description>
@@ -14,9 +14,22 @@
</Description>
<Target/>
<PolicySet
- PolicySetId="urn:xacml:2.0:interop:example:policysetid:N:med-rec-perm-set"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:med-rec-perm-set"
PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
+ <Target/>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:med-rec-perm-set-0"
+ PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target/>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
+ </PolicySet>
+ <PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:med-rec-perm-set-1"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Target>
<Subjects>
<Subject>
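Review bot: `med-rec-perm-set-0` has an empty `<Target/>` and references `N:RPS:med-rec-vrole` directly, and its parent `med-rec-perm-set` now combines with permit-overrides. As far as this file shows, any Permit reached through set-0 wins regardless of the seven `hl7:permission` matches that gate `med-rec-perm-set-1`. If the permission requirement is meant to be enforced by conditions inside the PRD-004 policy instead, a `<Description>` on set-0 saying so would make the intent clear; otherwise set-0 should carry the same subject Target or be dropped. The PolicySet elements involved open and close outside this hunk.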
@@ -24,69 +37,70 @@
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:xacml:2.0:interop:example:hl7:prd-003</AttributeValue>
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
<SubjectAttributeDesignator
- AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
<SubjectMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:xacml:2.0:interop:example:hl7:prd-005</AttributeValue>
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
<SubjectAttributeDesignator
- AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
<SubjectMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:xacml:2.0:interop:example:hl7:prd-006</AttributeValue>
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
<SubjectAttributeDesignator
- AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
<SubjectMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:xacml:2.0:interop:example:hl7:prd-009</AttributeValue>
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
<SubjectAttributeDesignator
- AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
<SubjectMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:xacml:2.0:interop:example:hl7:prd-010</AttributeValue>
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
<SubjectAttributeDesignator
- AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
<SubjectMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:xacml:2.0:interop:example:hl7:prd-012</AttributeValue>
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
<SubjectAttributeDesignator
- AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
<SubjectMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:xacml:2.0:interop:example:hl7:prd-017</AttributeValue>
+ >urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
<SubjectAttributeDesignator
- AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
</Subject>
</Subjects>
</Target>
<PolicySetIdReference
- >urn:xacml:2.0:interop:example:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
+ </PolicySet>
</PolicySet>
</PolicySet>
\ No newline at end of file
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02d-prog-note.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02d-prog-note.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02d-prog-note.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:progress-note"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the UBA confidentiality code.
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:progress-note"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:sig"
+ Effect="Permit">
+ <Description>
+ If the progress-note is signed allow any user to see it. If not signed
+ then only author may see it.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if resource:hl7:progress-note:signed EQUAL TO True -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >True</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:signed"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:author"
+ Effect="Permit">
+ <Description>
+ If a Permit was not obtained then subject must be author.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if hl7:dissented-subject-id EQUAL TO subject:subject-id -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:author-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:deny-sig"
+ Effect="Deny">
+ <Description>
+ If a Permit was not obtained above then set Deny by default.
+ </Description>
+ </Rule>
+ <Obligations>
+ <!-- These obligations provide specific instructions to PEP in the response -->
+ <!-- This obligation informs the PEP access denied unsigned non-author -->
+ <Obligation
+ ObligationId="urn:va:xacml:2.0:interop:rsa8:obligation:deny:unsigned:non-author"
+ FulfillOn="Deny"/>
+ </Obligations>
+ </Policy>
+</PolicySet>
\ No newline at end of file
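Review bot: Two comments in this new file are copied from the CDA policy and describe the wrong check. The top `<Description>` says "Policy set for the UBA confidentiality code", and the comment in rule `progress-note:author` says `hl7:dissented-subject-id EQUAL TO subject:subject-id`, while the condition compares `subject-id` with `progress-note:author-subject-id`. Suggested replacements are `Policy set for hl7:progress-note resources.` and `<!-- True if progress-note:author-subject-id EQUAL TO subject:subject-id -->`. It is also worth a comment that the signed check is a case-sensitive `string-equal` against `True`, so any other spelling falls through to the author rule and then to the default Deny.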
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml 2008-03-31 22:30:53 UTC (rev 71531)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -5,7 +5,7 @@
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
PolicySetId=
- "urn:xacml:2.0:interop:example:policysetid:N:RPS:med-rec-vrole"
+ "urn:va:xacml:2.0:interop:rsa8:policysetid:N:RPS:med-rec-vrole"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Description>
@@ -14,5 +14,5 @@
</Description>
<Target/>
<PolicySetIdReference
- >urn:xacml:2.0:interop:example:policysetid:N:PPS:PRD-004</PolicySetIdReference>
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N:PPS:PRD-004</PolicySetIdReference>
</PolicySet>
\ No newline at end of file
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml 2008-03-31 22:30:53 UTC (rev 71531)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -4,7 +4,7 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
- PolicySetId="urn:xacml:2.0:interop:example:policysetid:N:PPS:PRD-004"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:N:PPS:PRD-004"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Description>
@@ -13,7 +13,7 @@
</Description>
<Target/>
<Policy
- PolicyId="urn:xacml:2.0:interop:example:policyid:N:PPS:PRD-004:1"
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:N:PPS:PRD-004:1"
RuleCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
<Target>
@@ -23,16 +23,126 @@
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:xacml:2.0:interop:example:resource:hl7:medical-record</AttributeValue>
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
<ResourceAttributeDesignator
- AttributeId="urn:xacml:2.0:interop:example:resource:type"
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</ResourceMatch>
</Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:demographics</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:chart</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:problemlist</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:procedures</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:laboratory</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:radiology</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medications</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:vitals</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:progressnotes</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:patientsearch</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
</Resources>
</Target>
<Rule
- RuleId="urn:xacml:2.0:interop:example:policy:N:PPS:PRD-004:1:rule:1"
+ RuleId="urn:va:xacml:2.0:interop:rsa8:policy:N:PPS:PRD-004:1:rule:1"
Effect="Permit">
<Condition>
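Review bot: Widening the Target to eleven resource types makes the Permit rule that starts at the end of this hunk reachable for all of them, yet the two permission designators in its Condition (next hunk) are declared without `MustBePresent="true"`. The comparing function lies outside both hunks; if it is a subset-style check, a resource that carries no `resource:hl7:permission` attribute yields an empty bag and the condition holds for any subject. XacmlRequest-02-01.xml in this same commit is such a request. Consider `MustBePresent="true"` on the `ResourceAttributeDesignator` for `urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission`, so that a missing attribute evaluates to Indeterminate rather than matching.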
@@ -44,17 +154,17 @@
<!-- 1st argument: returns the values of all Attributes with -->
<!-- DataType="http://www.w3.org/2001/XMLSchema#string" and -->
- <!-- AttributeId="urn:xacml:2.0:interop:example:resource:hl7:permission" -->
+ <!-- AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission" -->
<ResourceAttributeDesignator
DataType="http://www.w3.org/2001/XMLSchema#string"
- AttributeId="urn:xacml:2.0:interop:example:resource:hl7:permission"/>
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"/>
<!-- 2nd argument: returns the values of all Attributes with -->
<!-- DataType="http://www.w3.org/2001/XMLSchema#string" and -->
- <!-- AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission" -->
+ <!-- AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission" -->
<SubjectAttributeDesignator
DataType="http://www.w3.org/2001/XMLSchema#string"
- AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"/>
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"/>
</Apply>
</Condition>
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-2e-MA.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-2e-MA.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-2e-MA.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:progress-note"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the UBA confidentiality code.
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:progress-note"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:sig"
+ Effect="Permit">
+ <Description>
+ If the progress-note is signed allow any user to see it. If not signed
+ then only author may see it.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if resource:hl7:progress-note:signed EQUAL TO True -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >True</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:signed"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:author"
+ Effect="Permit">
+ <Description>
+ If a Permit was not obtained then subject must be author.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if hl7:dissented-subject-id EQUAL TO subject:subject-id -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:author-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:deny-sig"
+ Effect="Deny">
+ <Description>
+ If a Permit was not obtained above then set Deny by default.
+ </Description>
+ </Rule>
+ <Obligations>
+ <!-- These obligations provide specific instructions to PEP in the response -->
+ <!-- This obligation informs the PEP access denied unsigned non-author -->
+ <Obligation
+ ObligationId="urn:va:xacml:2.0:interop:rsa8:obligation:deny:unsigned:non-author"
+ FulfillOn="Deny"/>
+ </Obligations>
+ </Policy>
+</PolicySet>
\ No newline at end of file
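Review bot: Every `<Target/>` in this new file is empty (PolicySet, Policy and both Permit rules) and the last rule is an unconditional Deny, so the policy returns Deny with the `deny:unsigned:non-author` obligation for any request that lacks the progress-note attributes, not only for unsigned notes. If this set is evaluated next to the other rsaconf policy sets under a deny-overrides root, which the page does not show, a medical-record request such as XacmlRequest-01-01.xml would be denied here. Scope the Policy to the progress-note resource type, for example the `progressnotes` value already used in the PRD-004 target, as sketched below. The Description ("UBA confidentiality code") and the comment naming `hl7:dissented-subject-id` also do not match the progress-note rules they sit on, and the PolicySetId is worth checking against XacmlPolicySet-02d-prog-note.xml so that the two files do not share one id.

```xml
      "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
  <Target>
    <Resources>
      <Resource>
        <ResourceMatch
            MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue
              DataType="http://www.w3.org/2001/XMLSchema#string"
              >urn:va:xacml:2.0:interop:rsa8:resource:hl7:progressnotes</AttributeValue>
          <ResourceAttributeDesignator
              AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
              DataType="http://www.w3.org/2001/XMLSchema#string"/>
        </ResourceMatch>
      </Resource>
    </Resources>
  </Target>
  <!-- … unchanged: the three rules and the Obligations … -->
```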
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-01.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-01.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-01.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+
+ <!-- **************************************************************** -->
+ <!-- Test case 1-01: Should be Perm: Dr A has all reqd perms -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <Subject>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Anthony Gurrola</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>xxx-DummyConfCode</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action/>
+ <Environment/>
+</Request>
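Review bot: The header comment does not describe the data in this request: it says the record is marked "with both the CDA and N confidentiality codes" and has a registered consent, but the only `confidentiality-code` value is `xxx-DummyConfCode` and no consent attribute is present. The same comment is copied into XacmlRequest-01-02.xml and XacmlRequest-01-03.xml, and into 02-02 and 02-03, where the code is `UBA`. I would replace it with something like `<!-- Sample request: a physician accesses a medical record whose confidentiality code is a placeholder value. -->`. Because `dissented-subject-id` equals the subject in a case that expects Permit, one more comment line saying that dissent is not meant to apply for this code would save the next reader a trip through the policies.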
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-02.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-02.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-02.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+
+ <!-- **************************************************************** -->
+ <!-- Test case 1-02: Should be Deny: Dr A missing 2 reqd perms -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <Subject>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Anthony Gurrola</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>xxx-DummyConfCode</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action/>
+ <Environment/>
+</Request>
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-03.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-03.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-03.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+
+ <!-- **************************************************************** -->
+ <!-- Test case 1-03: Should be Perm: Dr A has all reqd perms +2 extra -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <Subject>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Anthony Gurrola</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>xxx-DummyConfCode</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action/>
+ <Environment/>
+</Request>
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-01.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-01.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-01.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+
+ <!-- **************************************************************** -->
+ <!-- Test case 2-01: Should be Deny: provides role but needs perms -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and U confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <Subject>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:role:hl7:physician</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >Anthony Gurrola</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>UBA</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action/>
+ <Environment/>
+</Request>
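Review bot: This request cannot isolate the case its title names, because `confidentiality-code` is `UBA` and `dissented-subject-id` is `Dr. Alice`, the same pair that XacmlRequest-02-02.xml expects to be denied on account of dissent. Assuming the dissent policy applies here as it does in 2-02, the Deny would be returned even if the role-versus-permission check were broken. Setting the dissented subject to another user, `<AttributeValue>Dr. Bob</AttributeValue>` as 2-03 does, would leave the missing permissions as the only possible reason for Deny. The expected decision should be re-checked after that change, since neither the subject nor the resource carries a permission attribute in this request.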
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-02.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-02.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-02.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+
+ <!-- **************************************************************** -->
+ <!-- Test case 2-02: Should be Deny: Dr A is on dissented list -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <Subject>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Anthony Gurrola</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>UBA</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action/>
+ <Environment/>
+</Request>
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-03.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-03.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-03.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+
+ <!-- **************************************************************** -->
+ <!-- Test case 2-03: Should be Perm: Dr A is not on dissented list -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <Subject>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Anthony Gurrola</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>UBA</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Bob</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action/>
+ <Environment/>
+</Request>
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-01.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-01.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-01.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+
+ <!-- **************************************************************** -->
+ <!-- Test case 3-01: Should be Deny: signed = Fals, Dr. A not author -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <Subject>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Anthony Gurrola</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>xxx-DummyConfCode</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:signed"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>False</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:author-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Bob</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action/>
+ <Environment/>
+</Request>
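Review bot: The "Sample request" comment block near the top of this file describes a medical record marked with the CDA and N confidentiality codes and a registered consent, but the request below it carries `xxx-DummyConfCode`, resource type `progress-note`, and no consent attribute. The same block is repeated unchanged in XacmlRequest-03-02, 03-03, 05-01 and 05-02, so none of these fixtures says which attributes drive the expected decision. I would replace it here with `<!-- Dr. Alice requests a progress note authored by Dr. Bob that is not signed; expected decision: Deny -->`, spell `False` in full in the test-case banner, and give the other four files matching one-line descriptions.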
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-02.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-02.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-02.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+
+ <!-- **************************************************************** -->
+ <!-- Test case 3-02: Should be Permit: sign = True, Dr. A not author -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <Subject>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Anthony Gurrola</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>xxx-DummyConfCode</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:signed"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>True</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:author-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Bob</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action/>
+ <Environment/>
+</Request>
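Review bot: The `progress-note:signed` attribute is declared as `http://www.w3.org/2001/XMLSchema#string` with the value `True`, so the Permit expected here depends on an exact, case-sensitive string match in the policy (the policy file is not part of this hunk, so how it compares the value is inferred). A request carrying `true` or `TRUE` would not match, and whether that ends in Deny or lets another rule apply cannot be seen from here. If the interop profile allows it, typing the flag as `DataType="http://www.w3.org/2001/XMLSchema#boolean"` with `<AttributeValue>true</AttributeValue>` removes the spelling dependence; the same applies to XacmlRequest-03-01 and 03-03. Otherwise a comment next to the attribute such as `<!-- signed is compared as a case-sensitive string: "True" / "False" -->` would document the constraint.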
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-03.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-03.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-03.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+
+ <!-- **************************************************************** -->
+ <!-- Test case 3-03: Should be Perm: signed = Fals, Dr. A is author -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <Subject>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Anthony Gurrola</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>xxx-DummyConfCode</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:signed"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>False</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:author-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action/>
+ <Environment/>
+</Request>
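Review bot: The three 3-xx requests always supply both `progress-note:signed` and `progress-note:author-subject-id`, so nothing in this set exercises the decision when one of them is missing from the request. For an access rule on unsigned notes, the absent-attribute path is the one that should be shown to end in Deny or Indeterminate rather than Permit. I would add a fourth fixture that copies this file without the `signed` attribute, headed by `<!-- Test case 3-04 (proposed): signed attribute absent; must not be Permit -->`. Whether the policy marks these attributes as MustBePresent is not visible in this part of the commit.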
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-05-01.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-05-01.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-05-01.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+
+ <!-- **************************************************************** -->
+ <!-- Test case 5-01: Should be Perm + Obl: Dr A is on dissented list -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <Subject>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Anthony Gurrola</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>MA</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:radiology:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action/>
+ <Environment/>
+</Request>
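Review bot: The banner gives the expected result as `Perm + Obl` but does not say which obligation must come back, so a test that checks only the decision would still pass if the PDP returned Permit without it. The obligation is the only difference in outcome between this case and 5-02 (where `radiology:dissented-subject-id` is `Dr. Bob`), so the fixture should name it, for example `<!-- Expected: Permit with obligation OBLIGATION_ID_FROM_POLICY; 5-02 expects Permit with no obligations -->`. The dissent attribute here is `resource:hl7:radiology:dissented-subject-id` on a `medical-record` resource, while the request that precedes XacmlRequest-03-01 in this commit uses `resource:hl7:dissented-subject-id`; it is worth confirming that the policy intends the difference.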
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-05-02.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-05-02.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-05-02.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+
+ <!-- **************************************************************** -->
+ <!-- Test case 5-02: Should be Perm: no obl; Dr A not on dis-list -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <Subject>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Anthony Gurrola</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>MA</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:radiology:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Bob</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action/>
+ <Environment/>
+</Request>
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/patient_search.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/patient_search.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/patient_search.xml 2008-03-31 22:35:37 UTC (rev 71532)
@@ -0,0 +1,49 @@
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+<Subject
+SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+<Attribute
+AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+DataType="http://www.w3.org/2001/XMLSchema#string" >
+<AttributeValue>Doctor, Bob</AttributeValue>
+</Attribute>
+<Attribute AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:role"
+DataType="http://www.w3.org/2001/XMLSchema#string" >
+<AttributeValue>physician</AttributeValue>
+</Attribute>
+<Attribute AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+DataType="http://www.w3.org/2001/XMLSchema#string" >
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+</Attribute>
+<Attribute AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:locality"
+DataType="http://www.w3.org/2001/XMLSchema#string" >
+<AttributeValue>Facility A</AttributeValue>
+</Attribute>
+</Subject>
+<Resource>
+<Attribute AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+DataType="http://www.w3.org/2001/XMLSchema#string" >
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:resource:hl7:patientsearch</AttributeValue>
+</Attribute>
+<Attribute AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+DataType="http://www.w3.org/2001/XMLSchema#string" >
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+</Attribute>
+</Resource>
+<Action>
+<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+DataType="http://www.w3.org/2001/XMLSchema#string" >
+<AttributeValue>execute</AttributeValue>
+</Attribute>
+</Action>
+<Environment></Environment>
+</Request>
\ No newline at end of file
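Review bot: This request has no banner stating the expected decision, unlike the numbered fixtures in the same directory, so the intended outcome for a `patientsearch` `execute` by a `physician` at `Facility A` has to be read out of the test code. I would add `<!-- Patient search by a physician holding prd-006; expected decision: EXPECTED_DECISION -->` above `<Subject>`. The subject-id is `Doctor, Bob` here and `Dr. Bob` in the other requests; if any policy matches on subject-id these are different subjects, so a comment saying the difference is deliberate would help. The file also lacks the `<?xml ...?>` declaration and the trailing newline that the other fixtures have.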