Author: anil.saldhana(a)jboss.com
Date: 2009-03-17 11:43:03 -0400 (Tue, 17 Mar 2009)
New Revision: 371
Added:
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/InteropEndpointDebugTestCase.java
identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/samlxacml.xml
identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/soap-request.xml
Modified:
identity-federation/trunk/identity-bindings/.classpath
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/tomcat/bindings/Tomcat5TestCase.java
Log:
cp
Modified: identity-federation/trunk/identity-bindings/.classpath
===================================================================
--- identity-federation/trunk/identity-bindings/.classpath 2009-03-17 15:41:08 UTC (rev
370)
+++ identity-federation/trunk/identity-bindings/.classpath 2009-03-17 15:43:03 UTC (rev
371)
@@ -1,32 +1,32 @@
<classpath>
- <classpathentry kind="src" path="src/main/java"/>
- <classpathentry kind="src" path="src/main/resources"
excluding="**/*.java"/>
- <classpathentry kind="src" path="src/test/java"
output="target/test-classes"/>
- <classpathentry kind="src" path="src/test/resources"
output="target/test-classes" excluding="**/*.java"/>
- <classpathentry kind="output" path="target/classes"/>
- <classpathentry kind="con"
path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
- <classpathentry kind="var"
path="M2_REPO/sun-jaf/activation/1.1/activation-1.1.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/apache/tomcat/annotations-api/6.0.18/annotations-api-6.0.18.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/apache/tomcat/catalina/6.0.18/catalina-6.0.18.jar"/>
- <classpathentry kind="var"
path="M2_REPO/apache-logging/commons-logging-api/1.0.3/commons-logging-api-1.0.3.jar"/>
- <classpathentry kind="var"
path="M2_REPO/apache-modeler/commons-modeler/1.1patch/commons-modeler-1.1patch.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/apache/tomcat/coyote/6.0.18/coyote-6.0.18.jar"/>
- <classpathentry kind="var"
path="M2_REPO/sun-jaxb/jaxb-api/2.1.9/jaxb-api-2.1.9.jar"
sourcepath="M2_REPO/sun-jaxb/jaxb-api/2.1.9/jaxb-api-2.1.9-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/sun-jaxb/jaxb-impl/2.1.9/jaxb-impl-2.1.9.jar"
sourcepath="M2_REPO/sun-jaxb/jaxb-impl/2.1.9/jaxb-impl-2.1.9-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/sun-jaxws/jaxws-api/2.1.1/jaxws-api-2.1.1.jar"/>
- <classpathentry kind="src" path="/jboss-identity-fed-api"/>
- <classpathentry kind="src" path="/jboss-identity-fed-core"/>
- <classpathentry kind="src"
path="/jboss-identity-fed-model"/>
- <classpathentry kind="src"
path="/jboss-identity-xmlsec-model"/>
- <classpathentry kind="var"
path="M2_REPO/org/jboss/security/jbossxacml/2.0.3.CR1/jbossxacml-2.0.3.CR1.jar"
sourcepath="M2_REPO/org/jboss/security/jbossxacml/2.0.3.CR1/jbossxacml-2.0.3.CR1-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/apache/tomcat/juli/6.0.18/juli-6.0.18.jar"/>
- <classpathentry kind="var"
path="M2_REPO/junit/junit/4.4/junit-4.4.jar"/>
- <classpathentry kind="var"
path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"
sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/apache-tomcat/naming-resources/5.5.12/naming-resources-5.5.12.jar"/>
- <classpathentry kind="var"
path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/apache/tomcat/servlet-api/6.0.18/servlet-api-6.0.18.jar"/>
- <classpathentry kind="var"
path="M2_REPO/stax/stax-api/1.0/stax-api-1.0.jar"/>
- <classpathentry kind="var"
path="M2_REPO/apache-tomcat/tomcat-http/5.5.12/tomcat-http-5.5.12.jar"/>
- <classpathentry kind="var"
path="M2_REPO/apache-tomcat/tomcat-util/5.5.12/tomcat-util-5.5.12.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/apache/xmlsec/1.4.1/xmlsec-1.4.1.jar"/>
-</classpath>
\ No newline at end of file
+ <classpathentry kind="src" path="src/main/java"/>
+ <classpathentry excluding="**/*.java" kind="src"
path="src/main/resources"/>
+ <classpathentry kind="src" output="target/test-classes"
path="src/test/java"/>
+ <classpathentry excluding="**/*.java" kind="src"
output="target/test-classes" path="src/test/resources"/>
+ <classpathentry kind="con"
path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="var"
path="M2_REPO/sun-jaf/activation/1.1/activation-1.1.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/apache/tomcat/annotations-api/6.0.18/annotations-api-6.0.18.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/apache/tomcat/catalina/6.0.18/catalina-6.0.18.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/apache-logging/commons-logging-api/1.0.3/commons-logging-api-1.0.3.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/apache-modeler/commons-modeler/1.1patch/commons-modeler-1.1patch.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/apache/tomcat/coyote/6.0.18/coyote-6.0.18.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/sun-jaxb/jaxb-api/2.1.9/jaxb-api-2.1.9.jar"
sourcepath="M2_REPO/sun-jaxb/jaxb-api/2.1.9/jaxb-api-2.1.9-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/sun-jaxb/jaxb-impl/2.1.9/jaxb-impl-2.1.9.jar"
sourcepath="M2_REPO/sun-jaxb/jaxb-impl/2.1.9/jaxb-impl-2.1.9-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/jboss/security/jbossxacml/2.0.3.CR1/jbossxacml-2.0.3.CR1.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/apache/tomcat/juli/6.0.18/juli-6.0.18.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/junit/junit/4.4/junit-4.4.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"
sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/apache-tomcat/naming-resources/5.5.12/naming-resources-5.5.12.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/apache/tomcat/servlet-api/6.0.18/servlet-api-6.0.18.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/stax/stax-api/1.0/stax-api-1.0.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/apache-tomcat/tomcat-http/5.5.12/tomcat-http-5.5.12.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/apache-tomcat/tomcat-util/5.5.12/tomcat-util-5.5.12.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/apache/xmlsec/1.4.1/xmlsec-1.4.1.jar"/>
+ <classpathentry combineaccessrules="false" kind="src"
path="/identity-fed-api"/>
+ <classpathentry combineaccessrules="false" kind="src"
path="/identity-fed-core"/>
+ <classpathentry combineaccessrules="false" kind="src"
path="/identity-fed-model"/>
+ <classpathentry combineaccessrules="false" kind="src"
path="/identity-xmlsecmodel"/>
+ <classpathentry kind="var"
path="M2_REPO/sun-jaxws/jaxws-api/2.1.1/jaxws-api-2.1.1.jar"/>
+ <classpathentry kind="output" path="target-eclipse/classes"/>
+</classpath>
Added:
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/InteropEndpointDebugTestCase.java
===================================================================
---
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/InteropEndpointDebugTestCase.java
(rev 0)
+++
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/servlets/InteropEndpointDebugTestCase.java 2009-03-17
15:43:03 UTC (rev 371)
@@ -0,0 +1,135 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.bindings.servlets;
+
+import java.io.InputStream;
+import java.net.URL;
+import java.net.URLConnection;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.core.saml.v2.util.SOAPSAMLXACMLUtil;
+import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Envelope;
+import org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope.Fault;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import
org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
+import
org.jboss.identity.federation.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.jboss.security.xacml.core.model.context.DecisionType;
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.jboss.security.xacml.core.model.context.ResultType;
+
+
+/**
+ * Test Case that acts as a debug tool
+ * for the endpoint for interop
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Mar 16, 2009
+ */
+public class InteropEndpointDebugTestCase extends TestCase
+{
+ String endpoint = null;
+ // String endpoint = "http://interop.demo.jboss.com/test/SOAPServlet";
+ //String endpoint = "http://localhost:8080/test/SOAPServlet";
+
+ public void testUseCase1() throws Exception
+ {
+ if(endpoint != null)
+ {
+ JAXBElement<?> jb =
getResponse("xacml/requests/interop-request.xml");
+ Envelope env = (Envelope) jb.getValue();
+ check(env, true);
+ }
+ }
+
+ public void testUseCase2() throws Exception
+ {
+ if(endpoint != null)
+ {
+ JAXBElement<?> jb =
getResponse("xacml/requests/soap-request.xml");
+ Envelope env = (Envelope) jb.getValue();
+ check(env, true);
+ }
+ }
+
+ public void testSAMLXACML() throws Exception
+ {
+ //Read the saml request from the file
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream("xacml/requests/samlxacml.xml");
+
+ Unmarshaller um = SOAPSAMLXACMLUtil.getUnmarshaller();
+ um.setEventHandler(new javax.xml.bind.helpers.DefaultValidationEventHandler());
+
+ JAXBElement<?> obj = (JAXBElement<?>) um.unmarshal(is);
+ XACMLAuthzDecisionQueryType xat = (XACMLAuthzDecisionQueryType) obj.getValue();
+ assertNotNull(xat);
+ RequestType requestType = xat.getRequest();
+ assertTrue(requestType.getEnvironment().getAttribute().size() > 0);
+ }
+
+ private void check(Envelope env, boolean permit)
+ {
+ JAXBElement<?> samlResponse = (JAXBElement<?>)
env.getBody().getAny().get(0);
+ Object response = samlResponse.getValue();
+ if(response instanceof Fault)
+ {
+ Fault fault = (Fault) response;
+ System.out.println(fault.getFaultstring());
+ fail("fault");
+ }
+ ResponseType responseType = (ResponseType) response;
+ AssertionType at = (AssertionType)
responseType.getAssertionOrEncryptedAssertion().get(0);
+ XACMLAuthzDecisionStatementType xst = (XACMLAuthzDecisionStatementType)
at.getStatementOrAuthnStatementOrAuthzDecisionStatement().get(0);
+ ResultType rt = xst.getResponse().getResult().get(0);
+ DecisionType dt = rt.getDecision();
+ assertEquals(DecisionType.PERMIT, dt);
+
+ if(permit)
+ assertEquals(DecisionType.PERMIT, dt);
+ else
+ assertEquals(DecisionType.DENY, dt);
+ }
+
+ private JAXBElement<?> getResponse(String fileName) throws Exception
+ {
+ //Read the saml request from the file
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream(fileName);
+
+ Unmarshaller um = SOAPSAMLXACMLUtil.getUnmarshaller();
+ Object soapRequest = um.unmarshal(is);
+
+ Marshaller m = SOAPSAMLXACMLUtil.getMarshaller();
+
+ URL url = new URL(endpoint);
+ URLConnection conn = url.openConnection();
+ conn.setDoOutput(true);
+ m.marshal(soapRequest, conn.getOutputStream());
+
+ return (JAXBElement<?>) um.unmarshal(conn.getInputStream());
+ }
+}
\ No newline at end of file
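Review bot: In `check()`, the unconditional `assertEquals(DecisionType.PERMIT, dt);` just before `if(permit)` makes the `permit` parameter meaningless: a call with `permit == false` fails on that line before the `DecisionType.DENY` branch is reached, so an expected-deny case can never pass. Delete that line and let the `if(permit) … else …` pair carry the assertion. Separately, `testUseCase1` and `testUseCase2` assert nothing while `endpoint` is `null`, so they report success without any authorization decision being checked; a comment on the field such as `// manual debug switch: tests are no-ops unless an endpoint is set` would keep a green run from being read as interop coverage. `getResponse()` also never closes the resource stream or the connection streams, and `getResourceAsStream` returns `null` for a missing resource; `xacml/requests/interop-request.xml` is not among the files added here, so confirm it already exists.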
Modified:
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/tomcat/bindings/Tomcat5TestCase.java
===================================================================
---
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/tomcat/bindings/Tomcat5TestCase.java 2009-03-17
15:41:08 UTC (rev 370)
+++
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/tomcat/bindings/Tomcat5TestCase.java 2009-03-17
15:43:03 UTC (rev 371)
@@ -32,19 +32,23 @@
*/
public class Tomcat5TestCase extends TestCase
{
+ boolean enable = false;
+
public void testTomcat5() throws Exception
{
- Tomcat5Embedded emb = new Tomcat5Embedded();
- emb.setHomePath("target/tomcat");
- emb.startServer();
- Thread.sleep(2000);
- assertTrue("Tomcat5 started", emb.hasStarted());
-
- //
emb.createContext("target/../identity-samples/samples/employee/target/employee.war");
-
+ if(enable)
+ {
+ Tomcat5Embedded emb = new Tomcat5Embedded();
+ emb.setHomePath("target/tomcat");
+ emb.startServer();
+ Thread.sleep(2000);
+ assertTrue("Tomcat5 started", emb.hasStarted());
- emb.stopServer();
- Thread.sleep(1000);
- assertTrue(emb.hasStopped());
+ //
emb.createContext("target/../identity-samples/samples/employee/target/employee.war");
+
+ emb.stopServer();
+ Thread.sleep(1000);
+ assertTrue(emb.hasStopped());
+ }
}
}
\ No newline at end of file
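Review bot: `boolean enable = false;` turns `testTomcat5` into a test that always passes without starting the server, and nothing in the code says why it was switched off or when it should come back. Add a comment on the field stating the reason, or read the switch from a system property, e.g. `boolean enable = Boolean.getBoolean("PROPERTY_NAME_PLACEHOLDER");`, so the run can be enabled without editing the source. Inside the new `if(enable)` block, `emb.stopServer()` is skipped when `assertTrue("Tomcat5 started", emb.hasStarted())` fails or `Thread.sleep` throws; wrapping the statements after `emb.startServer()` in `try { … } finally { emb.stopServer(); }` would avoid leaving an embedded server running after a failed run. The class comment begins above this hunk.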
Added:
identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/samlxacml.xml
===================================================================
---
identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/samlxacml.xml
(rev 0)
+++
identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/samlxacml.xml 2009-03-17
15:43:03 UTC (rev 371)
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<samlp:RequestAbstract xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Consent="consent-uri"
+ Destination="destination-uri"
ID="s292657a1c39f12d36dd1f1ba2cf834bb2ebad825c"
+ IssueInstant="2009-03-16T19:01:52Z" Version="2.0"
+ xacml-samlp:InputContextOnly="true"
xacml-samlp:ReturnContext="true"
+ xsi:type="xacml-samlp:XACMLAuthzDecisionQueryType">
+ <saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">vaPepEntity
+ </saml:Issuer>
+ <xacml-context:Request
xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance/"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-...
+ <Subject
+ SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+
DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Doctor,Bob</AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:role"
+
DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>physician</AttributeValue>
+ </Attribute>
+ <Attribute
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+
DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010
+ </AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012
+ </AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017
+ </AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005
+ </AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003
+ </AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009
+ </AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006
+ </AttributeValue>
+ </Attribute>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+
DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Healthcare Domain A</AttributeValue>
+ </Attribute>
+ </Subject>
+ <xacml-context:Resource>
+ <Attribute AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+
DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>
+ urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record
+ </AttributeValue>
+ </Attribute>
+ <Attribute
AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+
DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010
+ </AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012
+ </AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005
+ </AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003
+ </AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+
DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>MA</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:medications:dissented-subject-id"
+
DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Doctor, Bob I</AttributeValue>
+ </Attribute>
+ </xacml-context:Resource>
+ <xacml-context:Action>
+ <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+
DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>read</AttributeValue>
+ </Attribute>
+ </xacml-context:Action>
+ <xacml-context:Environment>
+ <Attribute
AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+
DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Healthcare Domain A</AttributeValue>
+ </Attribute>
+ </xacml-context:Environment>
+ </xacml-context:Request>
+
+</samlp:RequestAbstract>
\ No newline at end of file
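Review bot: On `xacml-context:Request` the prefix `xsi` is rebound to `http://www.w3.org/2001/XMLSchema-instance/` (trailing slash), which is not the XML Schema instance namespace declared on the root element, so the `xsi:schemaLocation` written there is not treated as a schema-instance attribute; drop the inner `xmlns:xsi` declaration and rely on the one on the root. The same rebinding appears in soap-request.xml in this commit. Several `AttributeValue` elements (the `hl7:permission` values and `resource:hl7:type`) close on the following line, so their string content carries a line break and indentation that an exact string comparison in a policy would presumably not match. soap-request.xml keeps the same values on one line, and this file should do the same, e.g. `<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>`.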
Added:
identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/soap-request.xml
===================================================================
---
identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/soap-request.xml
(rev 0)
+++
identity-federation/trunk/identity-bindings/src/test/resources/xacml/requests/soap-request.xml 2009-03-17
15:43:03 UTC (rev 371)
@@ -0,0 +1,56 @@
+<soap-env:Envelope
xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">&...
+<samlp:RequestAbstract xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xsi:type="xacml-samlp:XACMLAuthzDecisionQuery"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
xacml-samlp:InputContextOnly="true" xacml-samlp:ReturnContext="true"
ID="s292657a1c39f12d36dd1f1ba2cf834bb2ebad825c" Version="2.0"
IssueInstant="2009-03-16T19:01:52Z" Destination="destination-uri"
Consent="consent-uri">
+<saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">vaPepEntity</saml:Issuer>
+<xacml-context:Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance/"
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-...
+<Subject
SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" >
+<AttributeValue>Doctor,Bob</AttributeValue>
+</Attribute>
+<Attribute AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:role"
DataType="http://www.w3.org/2001/XMLSchema#string" >
+<AttributeValue>physician</AttributeValue>
+</Attribute>
+<Attribute
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string" >
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+</Attribute>
+<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
DataType="http://www.w3.org/2001/XMLSchema#string" >
+<AttributeValue>Healthcare Domain A</AttributeValue>
+</Attribute>
+</Subject>
+<xacml-context:Resource>
+<Attribute AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string" >
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
+</Attribute>
+<Attribute
AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string" >
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+</Attribute>
+<Attribute
AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
DataType="http://www.w3.org/2001/XMLSchema#string" >
+<AttributeValue>MA</AttributeValue>
+</Attribute>
+<Attribute
AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:medications:dissented-subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string" >
+<AttributeValue>Doctor, Bob I</AttributeValue>
+</Attribute>
+</xacml-context:Resource>
+<xacml-context:Action>
+<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
DataType="http://www.w3.org/2001/XMLSchema#string" >
+<AttributeValue>read</AttributeValue>
+</Attribute>
+</xacml-context:Action>
+<xacml-context:Environment>
+<Attribute AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
DataType="http://www.w3.org/2001/XMLSchema#string" >
+<AttributeValue>Healthcare Domain A</AttributeValue>
+</Attribute>
+</xacml-context:Environment>
+</xacml-context:Request>
+
+</samlp:RequestAbstract>
+</soap-env:Body></soap-env:Envelope>
\ No newline at end of file
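Review bot: `xsi:type="xacml-samlp:XACMLAuthzDecisionQuery"` here differs from `xsi:type="xacml-samlp:XACMLAuthzDecisionQueryType"` in samlxacml.xml added by the same commit, although both fixtures carry the same query. An `xsi:type` value names a schema type, so the spelling without the `Type` suffix looks like the element name used by mistake; which spelling the JAXB context accepts is not visible here, so confirm against the schema and make the two fixtures agree. The file also begins directly with `<soap-env:Envelope` and has no XML declaration, unlike samlxacml.xml; adding `<?xml version="1.0" encoding="UTF-8"?>` as the first line would make the encoding explicit.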