[jboss-cvs] JBossAS SVN: r71721 - in projects/security/security-xacml/trunk/jboss-xacml/src/tests: resources/test/config and 2 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Apr 4 07:37:04 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-04-04 07:37:04 -0400 (Fri, 04 Apr 2008)
New Revision: 71721
Added:
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02e-MA.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02f-emergency.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-04.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-04.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-04-01.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-04-02.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-04-03.xml
Removed:
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-2e-MA.xml
Modified:
projects/security/security-xacml/trunk/jboss-xacml/src/tests/java/org/jboss/test/security/xacml/interop/rsaconf/PhysicianUnitTestCase.java
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/config/rsaConferencePolicySetConfig.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02d-prog-note.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-01.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-02.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-03.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-01.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-02.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-03.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-01.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-02.xml
projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-03.xml
Log:
update interop test, policies and requests
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/java/org/jboss/test/security/xacml/interop/rsaconf/PhysicianUnitTestCase.java
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/java/org/jboss/test/security/xacml/interop/rsaconf/PhysicianUnitTestCase.java 2008-04-04 11:34:44 UTC (rev 71720)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/java/org/jboss/test/security/xacml/interop/rsaconf/PhysicianUnitTestCase.java 2008-04-04 11:37:04 UTC (rev 71721)
@@ -23,13 +23,13 @@
import java.io.InputStream;
-import junit.framework.TestCase;
-
import org.jboss.security.xacml.core.JBossPDP;
import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
import org.jboss.security.xacml.interfaces.XACMLConstants;
import org.jboss.test.security.xacml.factories.util.XACMLTestUtil;
+import junit.framework.TestCase;
+
//$Id$
/**
@@ -47,12 +47,9 @@
<!-- Test case 1-01: Should be Perm: Dr A has all reqd perms -->
<!-- **************************************************************** -->
**/
-
- System.setProperty("debug", "true");
- int decision = XACMLTestUtil.getDecision(getPDP(), "test/requests/interop/rsaconf08/XacmlRequest-01-01.xml");
- assertEquals("PERMIT?", XACMLConstants.DECISION_PERMIT, decision);
+ validateCase("XacmlRequest-01-01.xml", XACMLConstants.DECISION_PERMIT);
}
-
+
public void testRequest01_02() throws Exception
{
/**
@@ -60,11 +57,9 @@
<!-- Test case 1-02: Should be Deny: Dr A missing 2 reqd perms -->
<!-- **************************************************************** -->
*/
- System.setProperty("debug", "true");
- int decision = XACMLTestUtil.getDecision(getPDP(), "test/requests/interop/rsaconf08/XacmlRequest-01-02.xml");
- assertEquals("DENY?", XACMLConstants.DECISION_DENY, decision);
+ validateCase("XacmlRequest-01-02.xml", XACMLConstants.DECISION_DENY);
}
-
+
public void testRequest01_03() throws Exception
{
/**
@@ -72,11 +67,19 @@
<!-- Test case 1-03: Should be Perm: Dr A has all reqd perms +2 extra -->
<!-- **************************************************************** -->
*/
- System.setProperty("debug", "true");
- int decision = XACMLTestUtil.getDecision(getPDP(), "test/requests/interop/rsaconf08/XacmlRequest-01-03.xml");
- assertEquals("PERMIT?", XACMLConstants.DECISION_PERMIT, decision);
+ validateCase("XacmlRequest-01-03.xml", XACMLConstants.DECISION_PERMIT);
}
-
+
+ public void testRequest01_04() throws Exception
+ {
+ /**
+ <!-- **************************************************************** -->
+ <!-- Test case 1-04: Should be Deny: Dr A has no facility -->
+ <!-- **************************************************************** -->
+ */
+ validateCase("XacmlRequest-01-04.xml", XACMLConstants.DECISION_DENY);
+ }
+
public void testRequest02_01() throws Exception
{
/**
@@ -84,11 +87,9 @@
<!-- Test case 2-01: Should be Deny: provides role but needs perms -->
<!-- **************************************************************** -->
*/
- System.setProperty("debug", "true");
- int decision = XACMLTestUtil.getDecision(getPDP(), "test/requests/interop/rsaconf08/XacmlRequest-02-01.xml");
- assertEquals("DENY?", XACMLConstants.DECISION_DENY, decision);
+ validateCase("XacmlRequest-02-01.xml", XACMLConstants.DECISION_DENY);
}
-
+
public void testRequest02_02() throws Exception
{
/**
@@ -96,9 +97,7 @@
<!-- Test case 2-02: Should be Deny: Dr A is on dissented list -->
<!-- **************************************************************** -->
*/
- System.setProperty("debug", "true");
- int decision = XACMLTestUtil.getDecision(getPDP(), "test/requests/interop/rsaconf08/XacmlRequest-02-02.xml");
- assertEquals("DENY?", XACMLConstants.DECISION_DENY, decision);
+ validateCase("XacmlRequest-02-02.xml", XACMLConstants.DECISION_DENY);
}
public void testRequest02_03() throws Exception
@@ -108,11 +107,19 @@
<!-- Test case 2-03: Should be Perm: Dr A is not on dissented list -->
<!-- **************************************************************** -->
*/
- System.setProperty("debug", "true");
- int decision = XACMLTestUtil.getDecision(getPDP(), "test/requests/interop/rsaconf08/XacmlRequest-02-03.xml");
- assertEquals("PERMIT?", XACMLConstants.DECISION_PERMIT, decision);
+ validateCase("XacmlRequest-02-03.xml", XACMLConstants.DECISION_PERMIT);
}
-
+
+ public void testRequest02_04() throws Exception
+ {
+ /**
+ <!-- **************************************************************** -->
+ <!-- Test case 2-04: Should be Deny: Dr A is on dissented multi-list -->
+ <!-- **************************************************************** -->
+ **/
+ validateCase("XacmlRequest-02-04.xml", XACMLConstants.DECISION_DENY);
+ }
+
public void testRequest03_01() throws Exception
{
/**
@@ -120,11 +127,9 @@
<!-- Test case 3-01: Should be Deny: signed = Fals, Dr. A not author -->
<!-- **************************************************************** -->
*/
- System.setProperty("debug", "true");
- int decision = XACMLTestUtil.getDecision(getPDP(), "test/requests/interop/rsaconf08/XacmlRequest-03-01.xml");
- assertEquals("DENY?", XACMLConstants.DECISION_DENY, decision);
+ validateCase("XacmlRequest-03-01.xml", XACMLConstants.DECISION_DENY);
}
-
+
public void testRequest03_02() throws Exception
{
/**
@@ -132,11 +137,9 @@
<!-- Test case 3-02: Should be Permit: sign = True, Dr. A not author -->
<!-- **************************************************************** -->
*/
- System.setProperty("debug", "true");
- int decision = XACMLTestUtil.getDecision(getPDP(), "test/requests/interop/rsaconf08/XacmlRequest-03-02.xml");
- assertEquals("PERMIT?", XACMLConstants.DECISION_PERMIT, decision);
+ validateCase("XacmlRequest-03-02.xml", XACMLConstants.DECISION_PERMIT);
}
-
+
public void testRequest03_03() throws Exception
{
/**
@@ -145,23 +148,50 @@
<!-- Test case 3-03: Should be Perm: signed = Fals, Dr. A is author -->
<!-- **************************************************************** -->
*/
- System.setProperty("debug", "true");
- int decision = XACMLTestUtil.getDecision(getPDP(), "test/requests/interop/rsaconf08/XacmlRequest-03-03.xml");
- assertEquals("PERMIT?", XACMLConstants.DECISION_PERMIT, decision);
+ validateCase("XacmlRequest-03-03.xml", XACMLConstants.DECISION_PERMIT);
}
-
+
+ public void testRequest04_01() throws Exception
+ {
+ /**
+ <!-- **************************************************************** -->
+ <!-- Test case 4-01: Should be Perm + Obl: Dr A has emergency perm -->
+ <!-- **************************************************************** -->
+ */
+ validateCase("XacmlRequest-04-01.xml", XACMLConstants.DECISION_PERMIT);
+ }
+
+ public void testRequest04_02() throws Exception
+ {
+ /**
+ <!-- **************************************************************** -->
+ <!-- Test case 04-02: Should be Perm + Obl: Dr A has emergency perm -->
+ <!-- **************************************************************** -->
+ */
+ validateCase("XacmlRequest-04-02.xml", XACMLConstants.DECISION_PERMIT);
+ }
+
+ public void testRequest04_03() throws Exception
+ {
+ /**
+ *
+ !-- **************************************************************** -->
+ <!-- Test case 4-03: Should be Deny+Obl: DrA has pea-001 but UBA set -->
+ <!-- **************************************************************** -->
+ */
+ validateCase("XacmlRequest-04-03.xml", XACMLConstants.DECISION_DENY);
+ }
+
public void testRequest05_01() throws Exception
{
/**
* **************************************************************** -->
- <!-- Test case 5-01: Should be Perm + Obl: Dr A is on dissented list -->
- <!-- **************************************************************** -->
+ <!-- Test case 5-01: Should be Perm + Obl: Dr A is on dissented list -->
+ <!-- **************************************************************** -->
*/
- System.setProperty("debug", "true");
- int decision = XACMLTestUtil.getDecision(getPDP(), "test/requests/interop/rsaconf08/XacmlRequest-05-01.xml");
- assertEquals("PERMIT?", XACMLConstants.DECISION_PERMIT, decision);
+ validateCase("XacmlRequest-05-01.xml", XACMLConstants.DECISION_PERMIT);
}
-
+
public void testRequest05_02() throws Exception
{
/**
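Review bot: Tests 4-01, 4-02, 4-03 and 5-01 are documented as "Perm + Obl" or "Deny+Obl", but `validateCase` compares only the integer decision, so the obligation half of each expectation is never asserted. For an authorization interop test that is the part a PEP has to act on (the emergency-access and privacy-constraint obligations in the policies added by this commit), and a regression that drops the obligation would still pass. If the test utility can expose the full response, assert the obligation id there; otherwise mark the gap in each test, e.g. `// TODO: obligation not verified - getDecision() returns only the decision code`. The comment block in `testRequest04_03` is also missing the `<` before `!--` on its first banner line.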
@@ -169,18 +199,14 @@
<!-- Test case 5-02: Should be Perm: no obl; Dr A not on dis-list -->
<!-- **************************************************************** -->
*/
- System.setProperty("debug", "true");
- int decision = XACMLTestUtil.getDecision(getPDP(), "test/requests/interop/rsaconf08/XacmlRequest-05-02.xml");
- assertEquals("PERMIT?", XACMLConstants.DECISION_PERMIT, decision);
- }
-
+ validateCase("XacmlRequest-05-02.xml", XACMLConstants.DECISION_PERMIT);
+ }
+
public void testPatientSearch() throws Exception
{
- System.setProperty("debug", "true");
- int decision = XACMLTestUtil.getDecision(getPDP(), "test/requests/interop/rsaconf08/patient_search.xml");
- assertEquals("PERMIT?", XACMLConstants.DECISION_PERMIT, decision);
+ validateCase("patient_search.xml", XACMLConstants.DECISION_PERMIT);
}
-
+
private PolicyDecisionPoint getPDP()
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
@@ -189,4 +215,22 @@
return new JBossPDP(is);
}
+
+ private void validateCase(String loc, int decisionval) throws Exception
+ {
+ loc = "test/requests/interop/rsaconf08/" + loc;
+
+ int decision = XACMLTestUtil.getDecision(getPDP(), loc);
+ switch(decisionval)
+ {
+ case XACMLConstants.DECISION_PERMIT:
+ assertEquals("PERMIT?", XACMLConstants.DECISION_PERMIT,decision);
+ break;
+ case XACMLConstants.DECISION_DENY:
+ assertEquals("DENY?", XACMLConstants.DECISION_DENY,decision);
+ break;
+ default: fail("wrong value");
+ }
+ }
+
}
\ No newline at end of file
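Review bot: The `switch` in `validateCase` adds nothing and narrows what the helper can check: both arms assert `decision` against the same constant that was passed in as `decisionval`, and any other expected value ends in `fail("wrong value")` without the PDP result being compared. `assertEquals("decision for " + loc, decisionval, decision);` covers the two current cases, names the failing request file in the message, and lets a test expect a NotApplicable or Indeterminate outcome, which the emergency policy set's own Description lists as a possible result. The helper also reassigns its `loc` parameter; a separate local for the full path would read more clearly. `getPDP()` starts above this hunk, so whether the stream it opens is closed could not be checked here.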
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/config/rsaConferencePolicySetConfig.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/config/rsaConferencePolicySetConfig.xml 2008-04-04 11:34:44 UTC (rev 71720)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/config/rsaConferencePolicySetConfig.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -1,32 +1,35 @@
<ns:jbosspdp xmlns:ns="urn:jboss:xacml:2.0">
- <ns:Policies>
- <ns:PolicySet>
- <ns:Location>test/policies/rsaconf/XacmlPolicySet-01-top-level.xml</ns:Location>
- <ns:PolicySet>
- <ns:Location>test/policies/rsaconf/XacmlPolicySet-02a-CDA.xml</ns:Location>
- </ns:PolicySet>
- <ns:PolicySet>
- <ns:Location>test/policies/rsaconf/XacmlPolicySet-02b-N.xml</ns:Location>
- <ns:PolicySet>
- <ns:Location>test/policies/rsaconf/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml</ns:Location>
- <ns:PolicySet>
- <ns:Location>test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml</ns:Location>
- </ns:PolicySet>
- </ns:PolicySet>
- </ns:PolicySet>
- <ns:PolicySet>
- <ns:Location>test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml</ns:Location>
- </ns:PolicySet>
- <ns:PolicySet>
- <ns:Location>test/policies/rsaconf/XacmlPolicySet-02d-prog-note.xml</ns:Location>
- </ns:PolicySet>
- <ns:PolicySet>
- <ns:Location>test/policies/rsaconf/XacmlPolicySet-2e-MA.xml</ns:Location>
- </ns:PolicySet>
- </ns:PolicySet>
- </ns:Policies>
- <ns:Locators>
- <ns:Locator Name="org.jboss.security.xacml.locators.JBossPolicySetLocator">
- </ns:Locator>
- </ns:Locators>
-</ns:jbosspdp>
\ No newline at end of file
+ <ns:Policies>
+ <ns:PolicySet>
+ <ns:Location>test/policies/rsaconf/XacmlPolicySet-01-top-level.xml</ns:Location>
+ <ns:PolicySet>
+ <ns:Location>test/policies/rsaconf/XacmlPolicySet-02a-CDA.xml</ns:Location>
+ </ns:PolicySet>
+ <ns:PolicySet>
+ <ns:Location>test/policies/rsaconf/XacmlPolicySet-02b-N.xml</ns:Location>
+ <ns:PolicySet>
+ <ns:Location>test/policies/rsaconf/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml</ns:Location>
+ <ns:PolicySet>
+ <ns:Location>test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml</ns:Location>
+ </ns:PolicySet>
+ </ns:PolicySet>
+ </ns:PolicySet>
+ <ns:PolicySet>
+ <ns:Location>test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml</ns:Location>
+ </ns:PolicySet>
+ <ns:PolicySet>
+ <ns:Location>test/policies/rsaconf/XacmlPolicySet-02d-prog-note.xml</ns:Location>
+ </ns:PolicySet>
+ <ns:PolicySet>
+ <ns:Location>test/policies/rsaconf/XacmlPolicySet-02e-MA.xml</ns:Location>
+ </ns:PolicySet>
+ <ns:PolicySet>
+ <ns:Location>test/policies/rsaconf/XacmlPolicySet-02f-emergency.xml</ns:Location>
+ </ns:PolicySet>
+ </ns:PolicySet>
+ </ns:Policies>
+ <ns:Locators>
+ <ns:Locator Name="org.jboss.security.xacml.locators.JBossPolicySetLocator">
+ </ns:Locator>
+ </ns:Locators>
+</ns:jbosspdp>
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml 2008-04-04 11:34:44 UTC (rev 71720)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -12,96 +12,103 @@
</Description>
<Target/>
<PolicySet
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:emergency"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Target/>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:emergency</PolicySetIdReference>
+ </PolicySet>
+ <PolicySet
PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:CDA"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string"
- >UBA</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId=
- "urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <PolicySetIdReference
- >urn:va:xacml:2.0:interop:rsa8:policysetid:CDA</PolicySetIdReference>
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >UBA</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:CDA</PolicySetIdReference>
</PolicySet>
<PolicySet
PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:MA"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string"
- >MA</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId=
- "urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <PolicySetIdReference
- >urn:va:xacml:2.0:interop:rsa8:policysetid:MA</PolicySetIdReference>
- <Policy
- PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:MA:default-to-permit"
- RuleCombiningAlgId=
- "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
- <Target/>
- <Rule
- RuleId="urn:va:xacml:2.0:interop:rsa8:rule:MA"
- Effect="Permit">
- <Description>
- If a Deny was obtained for object above then set Permit by default.
- </Description>
- </Rule>
+ >MA</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:MA</PolicySetIdReference>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:MA:default-to-permit"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:MA"
+ Effect="Permit">
+ <Description>
+ If a Deny was obtained for object above then set Permit by default.
+ </Description>
+ </Rule>
</Policy>
</PolicySet>
<PolicySet
PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:bus-rule"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Target>
- <Resources>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string"
+ <Target>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
>urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId=
- "urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- </Resources>
- </Target>
- <PolicySetIdReference
- >urn:va:xacml:2.0:interop:rsa8:policysetid:progress-note</PolicySetIdReference>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ </Target>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:progress-note</PolicySetIdReference>
</PolicySet>
<PolicySet
PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:toplevel:N"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
- <Target>
- </Target>
- <PolicySetIdReference
- >urn:va:xacml:2.0:interop:rsa8:policysetid:N</PolicySetIdReference>
- <PolicySetIdReference
- >urn:va:xacml:2.0:interop:rsa8:policysetid:N:PermCollections</PolicySetIdReference>
+ <Target/>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N</PolicySetIdReference>
+ <PolicySetIdReference
+ >urn:va:xacml:2.0:interop:rsa8:policysetid:N:PermCollections</PolicySetIdReference>
</PolicySet>
</PolicySet>
\ No newline at end of file
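Review bot: The new `toplevel:emergency` PolicySet has an empty `<Target/>`, so it takes part in every decision, and how its result combines with the CDA, MA, bus-rule and N children depends on the enclosing PolicySet's combining algorithm, which is declared above this hunk. The wrapper has no `<Description>`; I would add one recording that, e.g. `<Description>Emergency-access check; empty Target, evaluated for every request.</Description>`, and state there which sibling results it is expected to override. Most of the remaining lines in this hunk are re-indentation only, which makes the one functional addition hard to spot; a whitespace-only commit kept separate would keep policy changes reviewable.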
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02d-prog-note.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02d-prog-note.xml 2008-04-04 11:34:44 UTC (rev 71720)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02d-prog-note.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -8,7 +8,7 @@
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Description>
- Policy set for the UBA confidentiality code.
+ Policy set for the business rule for unsigned progress notes.
</Description>
<Target/>
<Policy
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02e-MA.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02e-MA.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02e-MA.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:MA"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set for the MA confidentiality code.
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:MA"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:MA:1"
+ Effect="Deny">
+ <Description>
+ If the access subject is NOT one of those users which consent has
+ been removed, then deny.
+ Note: there is reverse logic here because the Obligation that denies
+ access to the user for this object must be issued when the user has
+ obtained a Permit. So, the caller of this policy must know to reverse
+ sense as well.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if hl7:radiology:dissented-subject-id NOTEQUALTO subject:subject-id -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <!-- True if hl7:radiology:dissented-subject-id EQUALTO subject:subject-id -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:resource:hl7:radiology:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:MA:2"
+ Effect="Permit">
+ <Description>
+ If a Deny was not obtained above then set Permit by default.
+ </Description>
+ </Rule>
+ <Obligations>
+ <!-- These obligations provide specific instructions to PEP in the response -->
+ <!-- This obligation instructs the PEP to apply privacy constraints to -->
+ <!-- user's responsibility for the data. -->
+ <Obligation
+ ObligationId=
+ "urn:va:xacml:2.0:interop:rsa8:obligation:ma:privacy:constraint:radiology"
+ FulfillOn="Permit"/>
+ </Obligations>
+ </Policy>
+</PolicySet>
\ No newline at end of file
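Review bot: Rule `MA:1` wraps `subject:subject-id` in `string-one-and-only`, so a request with no subject-id, or more than one, makes the Deny rule Indeterminate, and the file does not say what should happen then. Because this policy uses reverse logic (a Permit carrying the radiology privacy obligation means the subject is on the dissented list), the failure direction matters. Judging by the top-level file in this commit, the `MA:default-to-permit` policy under permit-overrides looks as if it would turn that error into a Permit with no obligation attached; this is worth confirming. I would add a comment above the `<Condition>`, e.g. `<!-- Indeterminate if subject-id is absent or multi-valued; see top-level MA wrapper for how that combines -->`, and a request in the rsaconf08 set that exercises the case.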
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02f-emergency.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02f-emergency.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-02f-emergency.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:emergency"
+ PolicyCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
+ <Description>
+ Policy set to allow emergency access for non-facility subjects.
+ Returns Deny if user not from supported facility AND does not have emergency perm
+ Returns Permit if not from supported facility AND not denied access
+ Returns NotApplicable if plain old user from supported facility
+ </Description>
+ <Target/>
+ <Policy
+ PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:emergency"
+ RuleCombiningAlgId=
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Target/>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:emergency:deny"
+ Effect="Deny">
+ <Description>
+ If the subject is not from a supported facility AND
+. if the subject does not have emergency permission THEN Deny access.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if subject:locality NOT EQUAL TO ANYOF environment:locality -->
+ <!-- AND if hl7:pea-001 NOT EQUAL TO ANYOF subject:hl7:permission -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <!-- True if subject:locality NOT EQUAL TO ANYOF environment:locality -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId=
+ "urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <EnvironmentAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ <!-- True if hl7:pea-001 NOT EQUAL TO ANYOF subject:hl7:permission -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >urn:va:xacml:2.0:interop:rsa8:hl7:pea-001</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:emergency:permit"
+ Effect="Permit">
+ <Description>
+ If a Deny was not obtained above AND subject not part of a supported
+ facility then subject must have emergency permission.
+ </Description>
+ <Target/>
+ <Condition>
+ <!-- True if subject:locality NOT EQUAL TO ANYOF environment:locality -->
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
+ <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId=
+ "urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ <EnvironmentAttributeDesignator
+ AttributeId=
+ "urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Obligations>
+ <!-- These obligations provide specific instructions to PEP in the response -->
+ <!-- This obligation informs the PEP user granted emergency access -->
+ <Obligation
+ ObligationId="urn:va:xacml:2.0:interop:rsa8:obligation:emergency:permit"
+ FulfillOn="Permit"/>
+ </Obligations>
+ </Policy>
+</PolicySet>
\ No newline at end of file
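Review bot: The `emergency:permit` rule checks only that the subject's locality is outside the supported facilities. The requirement in its Description that the subject hold `pea-001` is enforced solely by `emergency:deny` winning under deny-overrides. That coupling is fragile, since this same commit flips a rule-combining algorithm in XacmlPolicySet-04-N-PPS-PRD-004.xml, so I would make the Permit condition require the permission itself, as below. Separately, the Deny rule's Description has a stray `.` at the start of its second line.

```xml
<!-- Rule urn:va:xacml:2.0:interop:rsa8:rule:emergency:permit -->
<Condition>
  <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
    <!-- … unchanged: not(any-of(string-equal, subject:locality, environment:locality)) … -->
    <!-- True if hl7:pea-001 EQUAL TO ANYOF subject:hl7:permission -->
    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
      <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
      <AttributeValue
          DataType="http://www.w3.org/2001/XMLSchema#string"
          >urn:va:xacml:2.0:interop:rsa8:hl7:pea-001</AttributeValue>
      <SubjectAttributeDesignator
          AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
          DataType="http://www.w3.org/2001/XMLSchema#string"/>
    </Apply>
  </Apply>
</Condition>
```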
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml 2008-04-04 11:34:44 UTC (rev 71720)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -15,7 +15,7 @@
<Policy
PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:N:PPS:PRD-004:1"
RuleCombiningAlgId=
- "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
<Target>
<Resources>
<Resource>
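Review bot: Switching policy `N:PPS:PRD-004:1` to permit-overrides is only safe together with the unconditional Deny rule `...PRD-004:1:rule:2` added in the last hunk of this file, and nothing in the policy records that the two belong together. Rule 2 has no Target or Condition, so it returns Deny for every request the Policy's target matches; under the previous deny-overrides it would have masked every Permit. I would say so in the rule's Description, e.g. `Default Deny; relies on permit-overrides so that any Permit above wins.` The Policy body runs beyond these hunks, so the other rules were not checked.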
@@ -122,7 +122,7 @@
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string"
- >urn:va:xacml:2.0:interop:rsa8:resource:hl7:progressnotes</AttributeValue>
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note</AttributeValue>
<ResourceAttributeDesignator
AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
@@ -169,5 +169,12 @@
</Apply>
</Condition>
</Rule>
+ <Rule
+ RuleId="urn:va:xacml:2.0:interop:rsa8:rule:N:PPS:PRD-004:1:rule:2"
+ Effect="Deny">
+ <Description>
+ If a Permit was not obtained above then set Deny by default.
+ </Description>
+ </Rule>
</Policy>
</PolicySet>
\ No newline at end of file
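Review bot: The Description on the new rule:2 promises "Deny by default", but under the XACML 2.0 permit-overrides algorithm an evaluation error in a Permit-effect rule makes the policy Indeterminate rather than Deny, even with this catch-all present. The condition of rule:1 lies mostly outside the hunk, so whether it can error (for instance on a missing attribute) cannot be confirmed from here. I would reword the Description to `Catch-all Deny: applies when no rule permits; an error in rule:1 still yields Indeterminate, which the PEP must treat as a denial.` A request that omits an attribute rule:1 reads would pin that behaviour in the test set.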
Deleted: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-2e-MA.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-2e-MA.xml 2008-04-04 11:34:44 UTC (rev 71720)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/policies/rsaconf/XacmlPolicySet-2e-MA.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -1,79 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<PolicySet
- xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
- http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
- PolicySetId="urn:va:xacml:2.0:interop:rsa8:policysetid:progress-note"
- PolicyCombiningAlgId=
- "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
- <Description>
- Policy set for the UBA confidentiality code.
- </Description>
- <Target/>
- <Policy
- PolicyId="urn:va:xacml:2.0:interop:rsa8:policyid:progress-note"
- RuleCombiningAlgId=
- "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
- <Target/>
- <Rule
- RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:sig"
- Effect="Permit">
- <Description>
- If the progress-note is signed allow any user to see it. If not signed
- then only author may see it.
- </Description>
- <Target/>
- <Condition>
- <!-- True if resource:hl7:progress-note:signed EQUAL TO True -->
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
- <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string"
- >True</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId=
- "urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:signed"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </Apply>
- </Condition>
- </Rule>
- <Rule
- RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:author"
- Effect="Permit">
- <Description>
- If a Permit was not obtained then subject must be author.
- </Description>
- <Target/>
- <Condition>
- <!-- True if hl7:dissented-subject-id EQUAL TO subject:subject-id -->
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
- <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
- <SubjectAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </Apply>
- <ResourceAttributeDesignator
- AttributeId=
- "urn:va:xacml:2.0:interop:rsa8:resource:hl7:progress-note:author-subject-id"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </Apply>
- </Condition>
- </Rule>
- <Rule
- RuleId="urn:va:xacml:2.0:interop:rsa8:rule:progress-note:deny-sig"
- Effect="Deny">
- <Description>
- If a Permit was not obtained above then set Deny by default.
- </Description>
- </Rule>
- <Obligations>
- <!-- These obligations provide specific instructions to PEP in the response -->
- <!-- This obligation informs the PEP access denied unsigned non-author -->
- <Obligation
- ObligationId="urn:va:xacml:2.0:interop:rsa8:obligation:deny:unsigned:non-author"
- FulfillOn="Deny"/>
- </Obligations>
- </Policy>
-</PolicySet>
\ No newline at end of file
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-01.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-01.xml 2008-04-04 11:34:44 UTC (rev 71720)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-01.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -18,18 +18,23 @@
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>Dr. Alice</AttributeValue>
- </Attribute>
- <Attribute
- AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
- DataType="http://www.w3.org/2001/XMLSchema#string">
- <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
- <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
- <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
- <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
- <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
- <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
- <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
- </Attribute>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
</Subject>
<Resource>
<Attribute
@@ -37,18 +42,18 @@
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>Anthony Gurrola</AttributeValue>
</Attribute>
- <Attribute
- AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
- DataType="http://www.w3.org/2001/XMLSchema#string">
- <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
- <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
- <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
- <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
- <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
- <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
- <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
- </Attribute>
<Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ <Attribute
AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>xxx-DummyConfCode</AttributeValue>
@@ -66,5 +71,11 @@
</Attribute>
</Resource>
<Action/>
- <Environment/>
-</Request>
+ <Environment>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
+ </Environment>
+</Request>
\ No newline at end of file
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-02.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-02.xml 2008-04-04 11:34:44 UTC (rev 71720)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-02.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -19,6 +19,11 @@
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>Dr. Alice</AttributeValue>
</Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
<Attribute
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string">
@@ -64,5 +69,11 @@
</Attribute>
</Resource>
<Action/>
- <Environment/>
-</Request>
+ <Environment>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
+ </Environment>
+</Request>
\ No newline at end of file
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-03.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-03.xml 2008-04-04 11:34:44 UTC (rev 71720)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-03.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -18,7 +18,12 @@
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>Dr. Alice</AttributeValue>
- </Attribute>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
<Attribute
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string">
@@ -64,5 +69,11 @@
</Attribute>
</Resource>
<Action/>
- <Environment/>
-</Request>
+ <Environment>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
+ </Environment>
+</Request>
\ No newline at end of file
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-04.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-04.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-01-04.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+
+ <!-- **************************************************************** -->
+ <!-- Test case 1-04: Should be Deny: Dr A has no facility -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <Subject>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Anthony Gurrola</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>xxx-DummyConfCode</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action/>
+ <Environment>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
+ </Environment>
+</Request>
\ No newline at end of file
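Review bot: The "Sample request" comment in this new file was copied from another request and does not describe it. It says the record is marked with both the CDA and N confidentiality codes and has a registered consent, while the confidentiality-code attribute below is `xxx-DummyConfCode`. The same block is repeated in the new XacmlRequest-02-04.xml, XacmlRequest-04-01.xml and XacmlRequest-04-02.xml. Going by the header, case 1-04 is a Deny because the `urn:oasis:names:tc:xacml:1.0:subject:locality` attribute is absent, so I would replace the block with `<!-- Dr. Alice requests a medical record; subject:locality is deliberately omitted. -->`. The resource permission list also lacks prd-006 and prd-009, which the subject's list has; if that is intentional it deserves a line in the comment, since otherwise the cause of the Deny is ambiguous.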
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-01.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-01.xml 2008-04-04 11:34:44 UTC (rev 71720)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-01.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -19,6 +19,11 @@
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>Dr. Alice</AttributeValue>
</Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
<Attribute
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
DataType="http://www.w3.org/2001/XMLSchema#string">
@@ -50,5 +55,11 @@
</Attribute>
</Resource>
<Action/>
- <Environment/>
-</Request>
+ <Environment>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
+ </Environment>
+</Request>
\ No newline at end of file
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-02.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-02.xml 2008-04-04 11:34:44 UTC (rev 71720)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-02.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -19,6 +19,11 @@
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>Dr. Alice</AttributeValue>
</Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
<Attribute
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string">
@@ -66,5 +71,11 @@
</Attribute>
</Resource>
<Action/>
- <Environment/>
-</Request>
+ <Environment>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
+ </Environment>
+</Request>
\ No newline at end of file
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-03.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-03.xml 2008-04-04 11:34:44 UTC (rev 71720)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-03.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -18,7 +18,12 @@
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>Dr. Alice</AttributeValue>
- </Attribute>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
<Attribute
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string">
@@ -66,5 +71,11 @@
</Attribute>
</Resource>
<Action/>
- <Environment/>
-</Request>
+ <Environment>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
+ </Environment>
+</Request>
\ No newline at end of file
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-04.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-04.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-02-04.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+
+ <!-- **************************************************************** -->
+ <!-- Test case 2-04: Should be Deny: Dr A is on dissented multi-list -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <Subject>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Anthony Gurrola</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>UBA</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Charlie</AttributeValue>
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action/>
+ <Environment>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
+ </Environment>
+</Request>
\ No newline at end of file
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-01.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-01.xml 2008-04-04 11:34:44 UTC (rev 71720)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-01.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -18,8 +18,13 @@
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>Dr. Alice</AttributeValue>
- </Attribute>
- <Attribute
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
+ <Attribute
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
@@ -73,5 +78,11 @@
</Attribute>
</Resource>
<Action/>
- <Environment/>
-</Request>
+ <Environment>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
+ </Environment>
+</Request>
\ No newline at end of file
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-02.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-02.xml 2008-04-04 11:34:44 UTC (rev 71720)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-02.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -18,7 +18,12 @@
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>Dr. Alice</AttributeValue>
- </Attribute>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
<Attribute
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string">
@@ -73,5 +78,11 @@
</Attribute>
</Resource>
<Action/>
- <Environment/>
-</Request>
+ <Environment>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
+ </Environment>
+</Request>
\ No newline at end of file
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-03.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-03.xml 2008-04-04 11:34:44 UTC (rev 71720)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-03-03.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -18,7 +18,12 @@
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
DataType="http://www.w3.org/2001/XMLSchema#string">
<AttributeValue>Dr. Alice</AttributeValue>
- </Attribute>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
<Attribute
AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#string">
@@ -73,5 +78,11 @@
</Attribute>
</Resource>
<Action/>
- <Environment/>
-</Request>
+ <Environment>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
+ </Environment>
+</Request>
\ No newline at end of file
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-04-01.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-04-01.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-04-01.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+
+ <!-- **************************************************************** -->
+ <!-- Test case 4-01: Should be Perm + Obl: Dr A has emergency perm -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <Subject>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:pea-001</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Anthony Gurrola</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:pea-001</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>xxx-DummyConfCode</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action/>
+ <Environment>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility B</AttributeValue>
+ </Attribute>
+ </Environment>
+</Request>
\ No newline at end of file
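Review bot: The header for case 4-01 states the expected result (Permit plus obligation) but not the input that triggers it. The request differs from the 01-xx cases in two places: `pea-001` appears in both permission lists, and the environment locality is `Facility B` while the subject locality is `Facility A`. I would extend the header, e.g. `<!-- Emergency access: subject holds pea-001; subject locality differs from environment locality -->`, adjusted to whichever of the two the policy actually keys on. The emergency Permit is only auditable through its obligation, so the test in PhysicianUnitTestCase.java (not visible here) should assert that `urn:va:xacml:2.0:interop:rsa8:obligation:emergency:permit` is returned, not only that the decision is Permit.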
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-04-02.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-04-02.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-04-02.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+
+ <!-- **************************************************************** -->
+ <!-- Test case 4-02: Should be Perm + Obl: Dr A has emergency perm -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <Subject>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:pea-001</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Anthony Gurrola</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:pea-001</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>xxx-DummyConfCode</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action/>
+ <Environment>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility B</AttributeValue>
+ </Attribute>
+ </Environment>
+</Request>
\ No newline at end of file
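Review bot: The "Sample request" comment at the top of this fixture describes a record marked with both the CDA and N confidentiality codes and a registered consent, but the request below carries only `xxx-DummyConfCode` as confidentiality-code and a `dissented-subject-id` of Dr. Alice, so the description looks carried over from another test case. The expected decision is recorded only in these comments, so I would replace it with something like `<!-- Sample request: Dr. Alice is the dissented subject for this record but holds pea-001, which the resource also lists -->`. The same stale description appears in XacmlRequest-04-03.xml. Separately, `xsi:schemaLocation` names an `http://` URL in both files. If the test parser is ever configured to validate against it, the suite would fetch a schema over an unauthenticated channel, so it is worth confirming that validation resolves to a local copy.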
Added: projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-04-03.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-04-03.xml (rev 0)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/tests/resources/test/requests/interop/rsaconf08/XacmlRequest-04-03.xml 2008-04-04 11:37:04 UTC (rev 71721)
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Request
+ xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os
+ http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
+
+ <!-- **************************************************************** -->
+ <!-- Test case 4-03: Should be Deny+Obl: DrA has pea-001 but UBA set -->
+ <!-- **************************************************************** -->
+
+ <!-- Sample request. In this case a physician is trying to access -->
+ <!-- The medical record of a patient. The record has been marked -->
+ <!-- with both the CDA and N confidentiality codes and -->
+ <!-- there is a registered consent for the record. -->
+ <Subject>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility A</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:subject:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-003</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-005</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-006</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:pea-001</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-009</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-010</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-012</AttributeValue>
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:prd-017</AttributeValue>
+ </Attribute>
+ </Subject>
+ <Resource>
+ <Attribute
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Anthony Gurrola</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:permission"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>urn:va:xacml:2.0:interop:rsa8:hl7:pea-001</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>xxx-DummyConfCode</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>UBA</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:dissented-subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue>Dr. Alice</AttributeValue>
+ </Attribute>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:resource:hl7:type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">
+ <AttributeValue
+ >urn:va:xacml:2.0:interop:rsa8:resource:hl7:medical-record</AttributeValue>
+ </Attribute>
+ </Resource>
+ <Action/>
+ <Environment>
+ <Attribute
+ AttributeId="urn:va:xacml:2.0:interop:rsa8:environment:locality"
+ DataType="http://www.w3.org/2001/XMLSchema#string" >
+ <AttributeValue>Facility B</AttributeValue>
+ </Attribute>
+ </Environment>
+</Request>
\ No newline at end of file
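Review bot: The two confidentiality codes are supplied as two separate `<Attribute>` elements with the same AttributeId (`xxx-DummyConfCode` and `UBA`), while the subject's permissions in the same request are several `<AttributeValue>` children of one `<Attribute>`. A conforming PDP should gather both forms into one bag, and this Deny case appears to depend on the `UBA` value being seen. If the split is intentional, a comment such as `<!-- UBA is sent as a second Attribute on purpose: the PDP must merge same-id attributes into one bag -->` would say so; otherwise the single-Attribute form would be consistent with the rest of the file. The header expects Deny plus an obligation, but whether PhysicianUnitTestCase asserts the obligation as well as the decision is not visible from this hunk. That is worth confirming, because a deny-path test that checks only the decision would not notice a dropped obligation.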