Initial commit.
This commit is contained in:
parent
a33bc986a0
commit
876f2ecb46
|
@ -0,0 +1,114 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<PolicySet xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
PolicySetId="breakglass.prototype.MedicalRecord"
|
||||
PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable">
|
||||
<Target>
|
||||
<Resources>
|
||||
<Resource>
|
||||
<ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
|
||||
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">breakglass.prototype.MedicalRecord</AttributeValue>
|
||||
<ResourceAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#anyURI"
|
||||
AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>
|
||||
</ResourceMatch>
|
||||
</Resource>
|
||||
</Resources>
|
||||
</Target>
|
||||
<Policy PolicyId="breakglass.prototype.MedicalRecord_default"
|
||||
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
|
||||
<Description>
|
||||
Default policy (no exception level) for MedicalRecord
|
||||
</Description>
|
||||
<Target>
|
||||
</Target>
|
||||
|
||||
<Rule RuleId="breakglass.prototype.MedicalRecord_default_rud_OCL1" Effect="Deny">
|
||||
<Target/>
|
||||
</Rule>
|
||||
|
||||
<Rule RuleId="breakglass.prototype.MedicalRecord_default_rud_OCL2" Effect="Permit">
|
||||
<Target>
|
||||
<Actions>
|
||||
<Action>
|
||||
<ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
|
||||
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">update</AttributeValue>
|
||||
<ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string"
|
||||
AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
|
||||
</ActionMatch>
|
||||
</Action>
|
||||
<Action>
|
||||
<ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
|
||||
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
|
||||
<ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string"
|
||||
AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
|
||||
</ActionMatch>
|
||||
</Action>
|
||||
<Action>
|
||||
<ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
|
||||
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">delete</AttributeValue>
|
||||
<ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string"
|
||||
AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"/>
|
||||
</ActionMatch>
|
||||
</Action>
|
||||
</Actions>
|
||||
</Target>
|
||||
|
||||
<Condition>
|
||||
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
|
||||
<Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range">
|
||||
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
|
||||
<EnvironmentAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#time"
|
||||
AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"/>
|
||||
</Apply>
|
||||
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">00:00:00Z</AttributeValue>
|
||||
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">23:59:59Z</AttributeValue>
|
||||
</Apply>
|
||||
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
|
||||
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
|
||||
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
|
||||
<SubjectAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string"
|
||||
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"/>
|
||||
</Apply>
|
||||
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
|
||||
<ResourceAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string"
|
||||
AttributeId="urn:owner"/>
|
||||
</Apply>
|
||||
</Apply>
|
||||
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
|
||||
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
|
||||
<ResourceAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string"
|
||||
AttributeId="urn:owner"/>
|
||||
</Apply>
|
||||
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">helmut</AttributeValue>
|
||||
</Apply>
|
||||
</Apply>
|
||||
</Apply>
|
||||
<!-- Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of-all">
|
||||
<Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than"/>
|
||||
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-bag">
|
||||
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">3</AttributeValue>
|
||||
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">5</AttributeValue>
|
||||
</Apply>
|
||||
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-bag">
|
||||
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">1</AttributeValue>
|
||||
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">2</AttributeValue>
|
||||
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">3</AttributeValue>
|
||||
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">4</AttributeValue>
|
||||
</Apply>
|
||||
</Apply -->
|
||||
</Condition>
|
||||
</Rule>
|
||||
</Policy>
|
||||
|
||||
|
||||
<Policy PolicyId="breakglass.prototype.MedicalRecord_FinalPolicy"
|
||||
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
|
||||
|
||||
<Target>
|
||||
|
||||
</Target>
|
||||
|
||||
|
||||
<Rule RuleId="breakglass.prototype.MedicalRecord_FinalRule" Effect="Deny"/>
|
||||
</Policy>
|
||||
</PolicySet>
|
Reference in New Issue