You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openaz.apache.org by co...@apache.org on 2015/08/20 12:16:25 UTC
[08/51] [partial] incubator-openaz git commit: Moving testsets to
src/test/resources
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID311Policy.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID311Policy.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID311Policy.xml
new file mode 100755
index 0000000..9de36f1
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID311Policy.xml
@@ -0,0 +1,150 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID311:policy"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:ordered-permit-overrides"
+ Version="1.0"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+ <Description>
+ Policy for Conformance Test IID311.
+ Purpose: Case: Permit: RuleCombiningAlgorithm Ordered PermitOverrides
+ This test in conjunction with IID312 demonstrates that the ordered-permit-overrides at the Rule level takes the first rule that matches.
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID311:rule1">
+ <Description>
+ A subject whose name is J. Hibbert may not
+ read Bart Simpson's medical record. NOTAPPLICABLE
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">J. Hibbert</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID311:rule2">
+ <Description>
+ A subject who is at least 5 years older than Bart
+ Simpson may read Bart Simpson's medical record. PERMIT.
+ </Description>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">5</AttributeValue>
+ </Apply>
+ </Condition>
+ <ObligationExpressions>
+ <ObligationExpression FulfillOn="Permit" ObligationId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID311:obligation-1">
+ <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID311:assignment1">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
+ </AttributeAssignmentExpression>
+ </ObligationExpression>
+ </ObligationExpressions>
+ <AdviceExpressions>
+ <AdviceExpression AppliesTo="Permit" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID311:Advice-1">
+ <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID311:assignment1">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID311:rule3">
+ <Description>
+ A subject whose "bogus" attribute is "Zaphod Beedlebrox" may not
+ read Bart Simpson's medical record. INDETERMINATE.
+ </Description>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bogus" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Zaphod Beedlebrox</AttributeValue>
+ </Apply>
+ </Condition>
+ </Rule>
+
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID311:rule4">
+ <Description>
+ A subject whose name is Julius Hibbert
+ may not read Bart Simpson's medical record. DENY.
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID311:rule5">
+ <Description>
+ A subject who is at least 5 years older than Bart
+ Simpson may read Bart Simpson's medical record. PERMIT.
+ </Description>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">5</AttributeValue>
+ </Apply>
+ </Condition>
+ <ObligationExpressions>
+ <ObligationExpression FulfillOn="Permit" ObligationId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID311:obligation-2">
+ <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID311:assignment2">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
+ </AttributeAssignmentExpression>
+ </ObligationExpression>
+ </ObligationExpressions>
+ <AdviceExpressions>
+ <AdviceExpression AppliesTo="Permit" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID311:Advice-2">
+ <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID311:assignment2">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+
+
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID311Request.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID311Request.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID311Request.xml
new file mode 100755
index 0000000..e5ce678
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID311Request.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd" ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ </Attribute>
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">45</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">10</AttributeValue>
+ </Attribute>
+ </Attributes>
+</Request>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID311Response.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID311Response.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID311Response.xml
new file mode 100755
index 0000000..5a6b7aa
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID311Response.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Response
+ xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
+ http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd">
+ <Result>
+ <Decision>Permit</Decision>
+ <Status>
+ <StatusCode
+ Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
+ </Status>
+ <Obligations>
+ <Obligation
+ ObligationId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID311:obligation-1" >
+ <AttributeAssignment
+ AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID311:assignment1"
+ DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeAssignment>
+ </Obligation>
+ </Obligations>
+ <AssociatedAdvice>
+ <Advice
+ AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID311:Advice-1">
+ <AttributeAssignment
+ AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID311:assignment1"
+ DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeAssignment>
+ </Advice>
+ </AssociatedAdvice>
+ </Result>
+</Response>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID312Policy.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID312Policy.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID312Policy.xml
new file mode 100755
index 0000000..f2ab2d2
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID312Policy.xml
@@ -0,0 +1,182 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:policy"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:ordered-permit-overrides"
+ Version="1.0"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+ <Description>
+ Policy for Conformance Test IID312.
+ Purpose: Case: Permit: RuleCombiningAlgorithm Ordered PermitOverrides
+ This test in conjunction with IID311 demonstrates that the ordered-permit-overrides at the Rule level takes the first rule that matches.
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID009:rule1">
+ <Description>
+ A subject whose name is J. Hibbert may not
+ read Bart Simpson's medical record. NOTAPPLICABLE
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">J. Hibbert</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+
+ <!-- Order (position in this file) of this policy is different than in IID312 - this one comes first, so its Obligations should be seen in Response -->
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:rule5">
+ <Description>
+ A subject who is at least 5 years older than Bart
+ Simpson may read Bart Simpson's medical record. PERMIT.
+ </Description>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">5</AttributeValue>
+ </Apply>
+ </Condition>
+ <ObligationExpressions>
+ <ObligationExpression FulfillOn="Permit" ObligationId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:obligation-2">
+ <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:assignment2">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
+ </AttributeAssignmentExpression>
+ </ObligationExpression>
+ </ObligationExpressions>
+ <AdviceExpressions>
+ <AdviceExpression AppliesTo="Permit" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:Advice-2">
+ <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:assignment2">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+
+
+
+
+
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:rule2">
+ <Description>
+ A subject who is at least 5 years older than Bart
+ Simpson may read Bart Simpson's medical record. PERMIT.
+ </Description>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">5</AttributeValue>
+ </Apply>
+ </Condition>
+ <ObligationExpressions>
+ <ObligationExpression FulfillOn="Permit" ObligationId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:obligation-1">
+ <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:assignment1">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
+ </AttributeAssignmentExpression>
+ </ObligationExpression>
+ </ObligationExpressions>
+ <AdviceExpressions>
+ <AdviceExpression AppliesTo="Permit" AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:Advice-1">
+ <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:assignment1">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:rule3">
+ <Description>
+ A subject whose "bogus" attribute is "Zaphod Beedlebrox" may not
+ read Bart Simpson's medical record. INDETERMINATE.
+ </Description>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bogus" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Zaphod Beedlebrox</AttributeValue>
+ </Apply>
+ </Condition>
+ </Rule>
+
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:rule4">
+ <Description>
+ A subject whose name is Julius Hibbert
+ may not read Bart Simpson's medical record. DENY.
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:rule5">
+ <Description>
+ A subject who is at least 5 years older than Bart
+ Simpson may read Bart Simpson's medical record. PERMIT.
+ </Description>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">5</AttributeValue>
+ </Apply>
+ </Condition>
+ <ObligationExpressions>
+ <ObligationExpression FulfillOn="Permit" ObligationId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:obligation-2">
+ <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:assignment2">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
+ </AttributeAssignmentExpression>
+ </ObligationExpression>
+ </ObligationExpressions>
+ </Rule>
+
+
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID312Request.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID312Request.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID312Request.xml
new file mode 100755
index 0000000..e5ce678
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID312Request.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd" ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ </Attribute>
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">45</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">10</AttributeValue>
+ </Attribute>
+ </Attributes>
+</Request>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID312Response.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID312Response.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID312Response.xml
new file mode 100755
index 0000000..949ab8e
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID312Response.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Response
+ xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
+ http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd">
+ <Result>
+ <Decision>Permit</Decision>
+ <Status>
+ <StatusCode
+ Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
+ </Status>
+ <Obligations>
+ <Obligation
+ ObligationId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:obligation-2" >
+ <AttributeAssignment
+ AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:assignment2"
+ DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeAssignment>
+ </Obligation>
+ </Obligations>
+ <AssociatedAdvice>
+ <Advice
+ AdviceId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:Advice-2">
+ <AttributeAssignment
+ AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID312:assignment2"
+ DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeAssignment>
+ </Advice>
+ </AssociatedAdvice>
+ </Result>
+</Response>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID313Policy.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID313Policy.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID313Policy.xml
new file mode 100755
index 0000000..1af03be
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID313Policy.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID313:policy"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:ordered-permit-overrides"
+ Version="1.0"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+ <Description>
+ Policy for Conformance Test IID313.
+ Purpose: Case: Deny: RuleCombiningAlgorithm Ordered PermitOverrides
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID313:rule1">
+ <Description>
+ A subject whose name is J. Hibbert may not
+ read Bart Simpson's medical record. NOTAPPLICABLE
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">J. Hibbert</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID313:rule2">
+ <Description>
+ A subject who is at least 55 years older than Bart
+ Simpson may read Bart Simpson's medical record. NOTAPPLICABLE.
+ </Description>
+ <Condition>
+<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">55</AttributeValue>
+</Apply>
+ </Condition>
+ </Rule>
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID313:rule3">
+ <Description>
+ A subject whose "bogus" attribute is "Zaphod Beeblebrox"
+ may perform any action on any resource. NOT APPLICABLE.
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Zaphod Beeblebrox</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-tests:bogus" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID313:rule4">
+ <Description>
+ A subject whose name is Julius Hibbert may not
+ perform any action on any resource. DENY.
+ </Description>
+ <Condition>
+<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+</Apply>
+ </Condition>
+ </Rule>
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID313Request.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID313Request.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID313Request.xml
new file mode 100755
index 0000000..e5ce678
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID313Request.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd" ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ </Attribute>
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">45</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">10</AttributeValue>
+ </Attribute>
+ </Attributes>
+</Request>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID313Response.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID313Response.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID313Response.xml
new file mode 100755
index 0000000..e8b3bce
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID313Response.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Response
+ xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
+ http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd">
+ <Result>
+ <Decision>Deny</Decision>
+ <Status>
+ <StatusCode
+ Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
+ </Status>
+ </Result>
+</Response>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID314Policy.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID314Policy.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID314Policy.xml
new file mode 100755
index 0000000..f298399
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID314Policy.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID314:policy"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:ordered-permit-overrides"
+ Version="1.0"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+ <Description>
+ Policy for Conformance Test IID314.
+ Purpose: Case: Deny: RuleCombiningAlgorithm Ordered PermitOverrides
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID314:rule1">
+ <Description>
+ A subject whose name is J. Hibbert may not
+ read Bart Simpson's medical record. NOTAPPLICABLE
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">J. Hibbert</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID314:rule2">
+ <Description>
+ A subject who is at least 55 years older than Bart
+ Simpson may read Bart Simpson's medical record. NOT-APPLICABLE.
+ </Description>
+ <Condition>
+<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">55</AttributeValue>
+</Apply>
+ </Condition>
+ </Rule>
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID314Request.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID314Request.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID314Request.xml
new file mode 100755
index 0000000..e5ce678
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID314Request.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd" ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ </Attribute>
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">45</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">10</AttributeValue>
+ </Attribute>
+ </Attributes>
+</Request>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID314Response.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID314Response.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID314Response.xml
new file mode 100755
index 0000000..814ad79
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID314Response.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Response
+ xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
+ http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd">
+ <Result>
+ <Decision>NotApplicable</Decision>
+ <Status>
+ <StatusCode
+ Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
+ </Status>
+ </Result>
+</Response>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID315Policy.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID315Policy.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID315Policy.xml
new file mode 100755
index 0000000..413d068
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID315Policy.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID315:policy"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:ordered-permit-overrides"
+ Version="1.0"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+ <Description>
+ Policy for Conformance Test IID315.
+ Purpose: Case: Indeterminate: RuleCombiningAlgorithm Ordered PermitOverrides
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID315:rule1">
+ <Description>
+ A subject whose name is J. Hibbert may not
+ read Bart Simpson's medical record. NOTAPPLICABLE
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">J. Hibbert</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID315:rule2">
+ <Description>
+ A subject who is at least 55 years older than Bart
+ Simpson may read Bart Simpson's medical record. NOT-APPLICABLE.
+ </Description>
+ <Condition>
+<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">55</AttributeValue>
+</Apply>
+ </Condition>
+ </Rule>
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID315:rule3">
+ <Description>
+ A subject whose "test" attribute is Zaphod Beedlebrox may not
+ perform any action on any resource. INDETERMINATE.
+ </Description>
+ <Condition>
+<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:test" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Zaphod Beedlebrox</AttributeValue>
+</Apply>
+ </Condition>
+ </Rule>
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID315Request.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID315Request.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID315Request.xml
new file mode 100755
index 0000000..e5ce678
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID315Request.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd" ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ </Attribute>
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">45</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">10</AttributeValue>
+ </Attribute>
+ </Attributes>
+</Request>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID315Response.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID315Response.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID315Response.xml
new file mode 100755
index 0000000..8c4957a
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID315Response.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Response
+ xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
+ http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd">
+ <Result>
+ <Decision>Indeterminate</Decision>
+ <Status>
+ <StatusCode
+ Value="urn:oasis:names:tc:xacml:1.0:status:processing-error"/>
+ </Status>
+ </Result>
+</Response>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID316Policy.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID316Policy.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID316Policy.xml
new file mode 100755
index 0000000..147fe04
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID316Policy.xml
@@ -0,0 +1,179 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:ordered-permit-overrides"
+ PolicySetId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID316:policyset"
+ Version="1.0"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+ <Description>
+ PolicySet for Conformance Test IID316.
+ Purpose: Case: Permit: PolicyCombiningAlgorithm Ordered PermitOverrides
+ In conjunction with IID317 this demonstrates that the first Policy in this file that returns Deny is the one used.
+ </Description>
+ <Target/>
+
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID316:policy1"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:ordered-permit-overrides"
+ Version="1.0">
+ <Description>
+ Policy1 for Conformance Test IID316.
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID316:rule1">
+ <Description>
+ A subject whose name is J. Hibbert may not
+ read Bart Simpson's medical record. NOTAPPLICABLE
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">J. Hibbert</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ </Policy>
+
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID316:policy2"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:ordered-permit-overrides"
+ Version="1.0">
+ <Description>
+ Policy2 for Conformance Test IID316.
+ </Description>
+ <Target/>
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID316:rule2">
+ <Description>
+ A subject who is at least 5 years older than Bart
+ Simpson may read Bart Simpson's medical record. PERMIT.
+ </Description>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">5</AttributeValue>
+ </Apply>
+ </Condition>
+ </Rule>
+ <ObligationExpressions>
+ <ObligationExpression FulfillOn="Permit" ObligationId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID316:obligation-1">
+ <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID316:assignment1">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeValue>
+ </AttributeAssignmentExpression>
+ </ObligationExpression>
+ </ObligationExpressions>
+
+ </Policy>
+
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID316:policy3"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:ordered-permit-overrides"
+ Version="1.0">
+ <Description>
+ Policy3 for Conformance Test IID316.
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID316:rule3">
+ <Description>
+ A subject whose "bogus" attribute is "Zaphod Beedlebrox" may not
+ read Bart Simpson's medical record. INDETERMINATE.
+ </Description>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bogus" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Zaphod Beedlebrox</AttributeValue>
+ </Apply>
+ </Condition>
+ </Rule>
+ </Policy>
+
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID316:policy4"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:ordered-permit-overrides"
+ Version="1.0">
+ <Description>
+ Policy4 for Conformance Test IID316.
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID316:rule4">
+ <Description>
+ A subject whose name is Julius Hibbert
+ may not read Bart Simpson's medical record. DENY.
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ </Policy>
+
+
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID316:policy5"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:ordered-permit-overrides"
+ Version="1.0">
+ <Description>
+ Policy5 for Conformance Test IID316.
+ </Description>
+ <Target/>
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID316:rule5">
+ <Description>
+ A subject who is at least 5 years older than Bart
+ Simpson may read Bart Simpson's medical record. PERMIT.
+ </Description>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">5</AttributeValue>
+ </Apply>
+ </Condition>
+ </Rule>
+ <ObligationExpressions>
+ <ObligationExpression FulfillOn="Permit" ObligationId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID316:obligation-2">
+ <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID316:assignment2">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">assignment2</AttributeValue>
+ </AttributeAssignmentExpression>
+ </ObligationExpression>
+ </ObligationExpressions>
+
+ </Policy>
+
+</PolicySet>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID316Request.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID316Request.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID316Request.xml
new file mode 100755
index 0000000..e5ce678
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID316Request.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd" ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ </Attribute>
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">45</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">10</AttributeValue>
+ </Attribute>
+ </Attributes>
+</Request>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID316Response.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID316Response.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID316Response.xml
new file mode 100755
index 0000000..3373214
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID316Response.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Response
+ xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
+ http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd">
+ <Result>
+ <Decision>Permit</Decision>
+ <Status>
+ <StatusCode
+ Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
+ </Status>
+ <Obligations>
+ <Obligation
+ ObligationId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID316:obligation-1" >
+ <AttributeAssignment
+ AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID316:assignment1"
+ DataType="http://www.w3.org/2001/XMLSchema#string">assignment1</AttributeAssignment>
+ </Obligation>
+ </Obligations>
+
+ </Result>
+</Response>