[jboss-cvs] JBossAS SVN: r71270 - projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Mar 25 16:24:19 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-03-25 16:24:19 -0400 (Tue, 25 Mar 2008)
New Revision: 71270
Modified:
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02b-N.xml
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml
projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml
Log:
update the interop policies
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml 2008-03-25 19:59:13 UTC (rev 71269)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-01-top-level.xml 2008-03-25 20:24:19 UTC (rev 71270)
@@ -4,7 +4,7 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
- PolicySetId="urn:oasis:names:tc:xacml:interop:policysetid:toplevel"
+ PolicySetId="urn:xacml:2.0:interop:example:policysetid:toplevel"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Description>
@@ -12,7 +12,7 @@
</Description>
<Target/>
<PolicySet
- PolicySetId="urn:oasis:names:tc:xacml:interop:policysetid:toplevel:CDA"
+ PolicySetId="urn:xacml:2.0:interop:example:policysetid:toplevel:CDA"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Target>
@@ -22,41 +22,39 @@
MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string"
- >CDA</AttributeValue>
+ >UBA</AttributeValue>
<ResourceAttributeDesignator
AttributeId=
- "urn:oasis:names:tc:xacml:interop:resource:confidentiality-code"
+ "urn:xacml:2.0:interop:example:resource:confidentiality-code"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</ResourceMatch>
</Resource>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ >MA</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId=
+ "urn:xacml:2.0:interop:example:resource:hl7:confidentiality-code"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
</Resources>
</Target>
<PolicySetIdReference
- >urn:oasis:names:tc:xacml:interop:policysetid:CDA</PolicySetIdReference>
+ >urn:xacml:2.0:interop:example:policysetid:CDA</PolicySetIdReference>
</PolicySet>
<PolicySet
- PolicySetId="urn:oasis:names:tc:xacml:interop:policysetid:toplevel:N"
+ PolicySetId="urn:xacml:2.0:interop:example:policysetid:toplevel:N"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
<Target>
- <Resources>
- <Resource>
- <ResourceMatch
- MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue
- DataType="http://www.w3.org/2001/XMLSchema#string"
- >N</AttributeValue>
- <ResourceAttributeDesignator
- AttributeId=
- "urn:oasis:names:tc:xacml:interop:resource:confidentiality-code"
- DataType="http://www.w3.org/2001/XMLSchema#string"/>
- </ResourceMatch>
- </Resource>
- </Resources>
</Target>
<PolicySetIdReference
- >urn:oasis:names:tc:xacml:interop:policysetid:N</PolicySetIdReference>
+ >urn:xacml:2.0:interop:example:policysetid:N</PolicySetIdReference>
<PolicySetIdReference
- >urn:oasis:names:tc:xacml:interop:policysetid:N:PermCollections</PolicySetIdReference>
+ >urn:xacml:2.0:interop:example:policysetid:N:PermCollections</PolicySetIdReference>
</PolicySet>
-</PolicySet>
+</PolicySet>
\ No newline at end of file
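Review bot: The two `<Resource>` alternatives in the `toplevel:CDA` target read different attributes: `UBA` is matched against `urn:xacml:2.0:interop:example:resource:confidentiality-code`, while the newly added `MA` match uses `...:resource:hl7:confidentiality-code`. If the request context supplies the code under only one of these ids, the other alternative can never match and the CDA policy set becomes NotApplicable for that code. This matters more because the same hunk empties the `<Target>` of `toplevel:N`, so that permit-overrides set now applies to every request whatever its confidentiality code. I would use one AttributeId in both `ResourceAttributeDesignator`s, whichever the interop requests actually send, and put a short comment on the empty target, e.g. `<!-- Empty Target: N applies to all requests; confidentiality restrictions come from the CDA set under deny-overrides -->`.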
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02b-N.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02b-N.xml 2008-03-25 19:59:13 UTC (rev 71269)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02b-N.xml 2008-03-25 20:24:19 UTC (rev 71270)
@@ -4,17 +4,17 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
- PolicySetId="urn:oasis:names:tc:xacml:interop:policysetid:N"
+ PolicySetId="urn:xacml:2.0:interop:example:policysetid:N"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Description>
- Policy set for the N confidentiality code.
+ Policy set for evaluating the subject:role attributes.
This implements an RBAC policy. This policy set matches
subject roles and refers to permission policy sets.
</Description>
<Target/>
<PolicySet
- PolicySetId="urn:oasis:names:tc:xacml:interop:policysetid:N:RPS:physician"
+ PolicySetId="urn:xacml:2.0:interop:example:policysetid:N:RPS:physician"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Target>
@@ -24,7 +24,7 @@
MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#anyURI"
- >urn:oasis:names:tc:xacml:interop:role:physician</AttributeValue>
+ >urn:xacml:2.0:interop:example:role:hl7:physician</AttributeValue>
<SubjectAttributeDesignator
AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"
DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
@@ -33,6 +33,6 @@
</Subjects>
</Target>
<PolicySetIdReference
- >urn:oasis:names:tc:xacml:interop:policysetid:N:RPS:virt-med-rec-role</PolicySetIdReference>
+ >urn:xacml:2.0:interop:example:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
</PolicySet>
-</PolicySet>
+</PolicySet>
\ No newline at end of file
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml 2008-03-25 19:59:13 UTC (rev 71269)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-02c-N-PermCollections.xml 2008-03-25 20:24:19 UTC (rev 71270)
@@ -4,17 +4,17 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
- PolicySetId="urn:oasis:names:tc:xacml:interop:policysetid:N:PermCollections"
+ PolicySetId="urn:xacml:2.0:interop:example:policysetid:N:PermCollections"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Description>
- Policy set for the N confidentiality code.
+ Policy set for evaluating the subject:hl7:permission attributes.
This implements an RBAC policy. This policy set matches
subject roles and refers to permission policy sets.
</Description>
<Target/>
<PolicySet
- PolicySetId="urn:oasis:names:tc:xacml:interop:policysetid:N:med-rec-perm-set"
+ PolicySetId="urn:xacml:2.0:interop:example:policysetid:N:med-rec-perm-set"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Target>
@@ -24,7 +24,7 @@
MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#anyURI"
- >urn:oasis:names:tc:xacml:interop:hl7:prd-003</AttributeValue>
+ >urn:xacml:2.0:interop:example:hl7:prd-003</AttributeValue>
<SubjectAttributeDesignator
AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
@@ -33,16 +33,16 @@
MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#anyURI"
- >urn:oasis:names:tc:xacml:interop:hl7:prd-005</AttributeValue>
+ >urn:xacml:2.0:interop:example:hl7:prd-005</AttributeValue>
<SubjectAttributeDesignator
- AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
+ AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
</SubjectMatch>
<SubjectMatch
MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#anyURI"
- >urn:oasis:names:tc:xacml:interop:hl7:prd-006</AttributeValue>
+ >urn:xacml:2.0:interop:example:hl7:prd-006</AttributeValue>
<SubjectAttributeDesignator
AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
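Review bot: The `SubjectAttributeDesignator` for the `prd-005` match is changed to `AttributeId="urn:oasis:names:tc:xacml:2.0:subject:hl7:permission"`, while every other match in this file keeps `urn:xacml:2.0:interop:example:subject:hl7:permission`. This is the reverse of the renaming the rest of the commit performs and looks unintended. With no `MustBePresent`, a request that carries permissions only under the `interop:example` id yields an empty bag here, so the `prd-005` match fails silently. If these `SubjectMatch` elements share one `<Subject>` (the enclosing element is outside the hunk), the whole target would stop matching. I would keep it as `AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"`.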
@@ -51,7 +51,7 @@
MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#anyURI"
- >urn:oasis:names:tc:xacml:interop:hl7:prd-009</AttributeValue>
+ >urn:xacml:2.0:interop:example:hl7:prd-009</AttributeValue>
<SubjectAttributeDesignator
AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
@@ -60,7 +60,7 @@
MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#anyURI"
- >urn:oasis:names:tc:xacml:interop:hl7:prd-010</AttributeValue>
+ >urn:xacml:2.0:interop:example:hl7:prd-010</AttributeValue>
<SubjectAttributeDesignator
AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
@@ -69,7 +69,7 @@
MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#anyURI"
- >urn:oasis:names:tc:xacml:interop:hl7:prd-012</AttributeValue>
+ >urn:xacml:2.0:interop:example:hl7:prd-012</AttributeValue>
<SubjectAttributeDesignator
AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
@@ -78,7 +78,7 @@
MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#anyURI"
- >urn:oasis:names:tc:xacml:interop:hl7:prd-017</AttributeValue>
+ >urn:xacml:2.0:interop:example:hl7:prd-017</AttributeValue>
<SubjectAttributeDesignator
AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"
DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
@@ -87,6 +87,6 @@
</Subjects>
</Target>
<PolicySetIdReference
- >urn:oasis:names:tc:xacml:interop:policysetid:N:RPS:virt-med-rec-role</PolicySetIdReference>
+ >urn:xacml:2.0:interop:example:policysetid:N:RPS:med-rec-vrole</PolicySetIdReference>
</PolicySet>
-</PolicySet>
+</PolicySet>
\ No newline at end of file
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml 2008-03-25 19:59:13 UTC (rev 71269)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-03-N-RPS-virt-med-rec-role.xml 2008-03-25 20:24:19 UTC (rev 71270)
@@ -5,7 +5,7 @@
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
PolicySetId=
- "urn:oasis:names:tc:xacml:interop:policysetid:N:RPS:virt-med-rec-role"
+ "urn:xacml:2.0:interop:example:policysetid:N:RPS:med-rec-vrole"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Description>
@@ -14,5 +14,5 @@
</Description>
<Target/>
<PolicySetIdReference
- >urn:oasis:names:tc:xacml:interop:policysetid:N:PPS:PRD-004</PolicySetIdReference>
-</PolicySet>
+ >urn:xacml:2.0:interop:example:policysetid:N:PPS:PRD-004</PolicySetIdReference>
+</PolicySet>
\ No newline at end of file
Modified: projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml
===================================================================
--- projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml 2008-03-25 19:59:13 UTC (rev 71269)
+++ projects/security/security-xacml/trunk/jboss-xacml/src/resources/test/policies/rsaconf/XacmlPolicySet-04-N-PPS-PRD-004.xml 2008-03-25 20:24:19 UTC (rev 71270)
@@ -4,7 +4,7 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
- PolicySetId="urn:oasis:names:tc:xacml:interop:policysetid:N:PPS:PRD-004"
+ PolicySetId="urn:xacml:2.0:interop:example:policysetid:N:PPS:PRD-004"
PolicyCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
<Description>
@@ -13,7 +13,7 @@
</Description>
<Target/>
<Policy
- PolicyId="urn:oasis:names:tc:xacml:interop:policyid:N:PPS:PRD-004:1"
+ PolicyId="urn:xacml:2.0:interop:example:policyid:N:PPS:PRD-004:1"
RuleCombiningAlgId=
"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
<Target>
@@ -23,17 +23,41 @@
MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#anyURI"
- >urn:oasis:names:tc:xacml:interop:resource:medical-record</AttributeValue>
+ >urn:xacml:2.0:interop:example:resource:hl7:medical-record</AttributeValue>
<ResourceAttributeDesignator
- AttributeId="urn:oasis:names:tc:xacml:interop:resource:type"
+ AttributeId="urn:xacml:2.0:interop:example:resource:type"
DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
</ResourceMatch>
</Resource>
</Resources>
</Target>
<Rule
- RuleId="urn:oasis:names:tc:xacml:interop:policy:N:PPS:PRD-004:1:rule:1"
+ RuleId="urn:xacml:2.0:interop:example:policy:N:PPS:PRD-004:1:rule:1"
Effect="Permit">
+ <Condition>
+
+ <!-- Returns true iff the first argument is a subset of the second argument -->
+ <!-- i.e. the permissions required by the resource must be a -->
+ <!-- subset of the permissions supplied by the subject -->
+
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
+
+ <!-- 1st argument: returns the values of all Attributes with -->
+ <!-- DataType="http://www.w3.org/2001/XMLSchema#string" and -->
+ <!-- AttributeId="urn:xacml:2.0:interop:example:resource:hl7:permission" -->
+ <ResourceAttributeDesignator
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ AttributeId="urn:xacml:2.0:interop:example:resource:hl7:permission"/>
+
+ <!-- 2nd argument: returns the values of all Attributes with -->
+ <!-- DataType="http://www.w3.org/2001/XMLSchema#string" and -->
+ <!-- AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission" -->
+ <SubjectAttributeDesignator
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ AttributeId="urn:xacml:2.0:interop:example:subject:hl7:permission"/>
+
+ </Apply>
+ </Condition>
</Rule>
</Policy>
-</PolicySet>
+</PolicySet>
\ No newline at end of file
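Review bot: The new `<Condition>` fails open when the resource carries no permission attribute. `string-subset` is true for an empty first bag, and the `ResourceAttributeDesignator` has no `MustBePresent`, so a medical-record request without `...:resource:hl7:permission` satisfies the Permit rule with no subject permissions at all. Adding `MustBePresent="true"` to the `ResourceAttributeDesignator` makes a missing attribute evaluate to Indeterminate rather than Permit. Separately, both designators select `DataType="http://www.w3.org/2001/XMLSchema#string"`, whereas XacmlPolicySet-02c-N-PermCollections.xml matches the same subject attribute id as `#anyURI`. Designators select by id and data type, so it is worth confirming which type the request context uses and aligning the two files.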