You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openaz.apache.org by co...@apache.org on 2015/08/20 12:16:30 UTC
[13/51] [partial] incubator-openaz git commit: Moving testsets to
src/test/resources
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID007Request.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID007Request.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID007Request.xml
new file mode 100755
index 0000000..e5ce678
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID007Request.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd" ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ </Attribute>
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">45</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">10</AttributeValue>
+ </Attribute>
+ </Attributes>
+</Request>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID007Response.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID007Response.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID007Response.xml
new file mode 100755
index 0000000..814ad79
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID007Response.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Response
+ xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
+ http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd">
+ <Result>
+ <Decision>NotApplicable</Decision>
+ <Status>
+ <StatusCode
+ Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
+ </Status>
+ </Result>
+</Response>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID008Policy.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID008Policy.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID008Policy.xml
new file mode 100755
index 0000000..57517b0
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID008Policy.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides"
+ PolicySetId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID008:policyset"
+ Version="1.0"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+ <Description>
+ PolicySet for Conformance Test IID008.
+ Purpose: Case: Another Deny (can't return Indeterminate): PolicyCombiningAlgorithm DenyOverrides
+ Note difference between 1.0 and 3.0: in 3.0 it DOES return Indeterminate.
+ </Description>
+ <Target/>
+
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID008:policy1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0">
+ <Description>
+ Policy1 for Conformance Test IID008.
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID008:rule1">
+ <Description>
+ A subject whose name is J. Hibbert may not
+ perform any action on any resource. NOTAPPLICABLE
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">J. Hibbert</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ </Policy>
+
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID008:policy2" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0">
+ <Description>
+ Policy2 for Conformance Test IID008.
+ </Description>
+ <Target/>
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID008:rule2">
+ <Description>
+ A subject who is at least 55 years older than Bart
+ Simpson may perform any action on any resource. NOT-APPLICABLE.
+ </Description>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">55</AttributeValue>
+ </Apply>
+ </Condition>
+ </Rule>
+ </Policy>
+
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID008:policy3" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0">
+ <Description>
+ Policy3 for Conformance Test IID008.
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID008:rule3">
+ <Description>
+ A subject whose "test" attribute is Zaphod Beedlebrox may not
+ perform any action on any resource. INDETERMINATE.
+ </Description>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:test" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Zaphod Beedlebrox</AttributeValue>
+ </Apply>
+ </Condition>
+ </Rule>
+ </Policy>
+
+</PolicySet>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID008Request.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID008Request.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID008Request.xml
new file mode 100755
index 0000000..e5ce678
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID008Request.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd" ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ </Attribute>
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">45</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">10</AttributeValue>
+ </Attribute>
+ </Attributes>
+</Request>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID008Response.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID008Response.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID008Response.xml
new file mode 100755
index 0000000..8c4957a
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID008Response.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Response
+ xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
+ http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd">
+ <Result>
+ <Decision>Indeterminate</Decision>
+ <Status>
+ <StatusCode
+ Value="urn:oasis:names:tc:xacml:1.0:status:processing-error"/>
+ </Status>
+ </Result>
+</Response>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID009Policy.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID009Policy.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID009Policy.xml
new file mode 100755
index 0000000..5442fed
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID009Policy.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID009:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+ <Description>
+ Policy for Conformance Test IID009.
+ Purpose: Case: Permit: RuleCombiningAlgorithm PermitOverrides
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID009:rule1">
+ <Description>
+ A subject whose name is J. Hibbert may not
+ read Bart Simpson's medical record. NOTAPPLICABLE
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">J. Hibbert</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID009:rule2">
+ <Description>
+ A subject who is at least 5 years older than Bart
+ Simpson may read Bart Simpson's medical record. PERMIT.
+ </Description>
+ <Condition>
+<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">5</AttributeValue>
+</Apply>
+ </Condition>
+ </Rule>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID009:rule3">
+ <Description>
+ A subject whose "bogus" attribute is "Zaphod Beedlebrox" may not
+ read Bart Simpson's medical record. INDETERMINATE.
+ </Description>
+ <Condition>
+<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bogus" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Zaphod Beedlebrox</AttributeValue>
+</Apply>
+ </Condition>
+ </Rule>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID009:rule4">
+ <Description>
+ A subject whose name is Julius Hibbert
+ may not read Bart Simpson's medical record. DENY.
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID009Request.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID009Request.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID009Request.xml
new file mode 100755
index 0000000..e5ce678
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID009Request.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd" ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ </Attribute>
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">45</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">10</AttributeValue>
+ </Attribute>
+ </Attributes>
+</Request>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID009Response.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID009Response.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID009Response.xml
new file mode 100755
index 0000000..a5087ec
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID009Response.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Response
+ xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
+ http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd">
+ <Result>
+ <Decision>Permit</Decision>
+ <Status>
+ <StatusCode
+ Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
+ </Status>
+ </Result>
+</Response>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID010Policy.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID010Policy.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID010Policy.xml
new file mode 100755
index 0000000..56af8a8
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID010Policy.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID010:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+ <Description>
+ Policy for Conformance Test IID010.
+ Purpose: Case: Deny: RuleCombiningAlgorithm PermitOverrides
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID010:rule1">
+ <Description>
+ A subject whose name is J. Hibbert may not
+ read Bart Simpson's medical record. NOTAPPLICABLE
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">J. Hibbert</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID010:rule2">
+ <Description>
+ A subject who is at least 55 years older than Bart
+ Simpson may read Bart Simpson's medical record. NOTAPPLICABLE.
+ </Description>
+ <Condition>
+<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">55</AttributeValue>
+</Apply>
+ </Condition>
+ </Rule>
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID010:rule3">
+ <Description>
+ A subject whose "bogus" attribute is "Zaphod Beeblebrox"
+ may perform any action on any resource. NOT APPLICABLE.
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Zaphod Beeblebrox</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-tests:bogus" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID010:rule4">
+ <Description>
+ A subject whose name is Julius Hibbert may not
+ perform any action on any resource. DENY.
+ </Description>
+ <Condition>
+<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+</Apply>
+ </Condition>
+ </Rule>
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID010Request.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID010Request.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID010Request.xml
new file mode 100755
index 0000000..e5ce678
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID010Request.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd" ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ </Attribute>
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">45</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">10</AttributeValue>
+ </Attribute>
+ </Attributes>
+</Request>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID010Response.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID010Response.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID010Response.xml
new file mode 100755
index 0000000..e8b3bce
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID010Response.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Response
+ xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
+ http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd">
+ <Result>
+ <Decision>Deny</Decision>
+ <Status>
+ <StatusCode
+ Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
+ </Status>
+ </Result>
+</Response>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID011Policy.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID011Policy.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID011Policy.xml
new file mode 100755
index 0000000..fe1bb5f
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID011Policy.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID011:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+ <Description>
+ Policy for Conformance Test IID011.
+ Purpose: Case: Deny: RuleCombiningAlgorithm PermitOverrides
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID011:rule1">
+ <Description>
+ A subject whose name is J. Hibbert may not
+ read Bart Simpson's medical record. NOTAPPLICABLE
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">J. Hibbert</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID011:rule2">
+ <Description>
+ A subject who is at least 55 years older than Bart
+ Simpson may read Bart Simpson's medical record. NOT-APPLICABLE.
+ </Description>
+ <Condition>
+<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">55</AttributeValue>
+</Apply>
+ </Condition>
+ </Rule>
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID011Request.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID011Request.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID011Request.xml
new file mode 100755
index 0000000..e5ce678
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID011Request.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd" ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ </Attribute>
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">45</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">10</AttributeValue>
+ </Attribute>
+ </Attributes>
+</Request>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID011Response.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID011Response.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID011Response.xml
new file mode 100755
index 0000000..814ad79
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID011Response.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Response
+ xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
+ http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd">
+ <Result>
+ <Decision>NotApplicable</Decision>
+ <Status>
+ <StatusCode
+ Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
+ </Status>
+ </Result>
+</Response>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID012Policy.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID012Policy.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID012Policy.xml
new file mode 100755
index 0000000..cc892f4
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID012Policy.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID012:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+ <Description>
+ Policy for Conformance Test IID012.
+ Purpose: Case: Indeterminate: RuleCombiningAlgorithm PermitOverrides
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID012:rule1">
+ <Description>
+ A subject whose name is J. Hibbert may not
+ read Bart Simpson's medical record. NOTAPPLICABLE
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">J. Hibbert</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID012:rule2">
+ <Description>
+ A subject who is at least 55 years older than Bart
+ Simpson may read Bart Simpson's medical record. NOT-APPLICABLE.
+ </Description>
+ <Condition>
+<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">55</AttributeValue>
+</Apply>
+ </Condition>
+ </Rule>
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID012:rule3">
+ <Description>
+ A subject whose "test" attribute is Zaphod Beedlebrox may not
+ perform any action on any resource. INDETERMINATE.
+ </Description>
+ <Condition>
+<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:test" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Zaphod Beedlebrox</AttributeValue>
+</Apply>
+ </Condition>
+ </Rule>
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID012Request.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID012Request.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID012Request.xml
new file mode 100755
index 0000000..e5ce678
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID012Request.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd" ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ </Attribute>
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">45</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">10</AttributeValue>
+ </Attribute>
+ </Attributes>
+</Request>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID012Response.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID012Response.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID012Response.xml
new file mode 100755
index 0000000..8c4957a
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID012Response.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Response
+ xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
+ http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd">
+ <Result>
+ <Decision>Indeterminate</Decision>
+ <Status>
+ <StatusCode
+ Value="urn:oasis:names:tc:xacml:1.0:status:processing-error"/>
+ </Status>
+ </Result>
+</Response>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID013Policy.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID013Policy.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID013Policy.xml
new file mode 100755
index 0000000..f687893
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID013Policy.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-overrides" PolicySetId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID013:policyset" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+ <Description>
+ PolicySet for Conformance Test IID013.
+ Purpose: Case: Permit: PolicyCombiningAlgorithm PermitOverrides
+ </Description>
+ <Target/>
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID013:policy1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides" Version="1.0">
+ <Description>
+ Policy1 for Conformance Test IID013.
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID013:rule1">
+ <Description>
+ A subject whose name is J. Hibbert may not
+ read Bart Simpson's medical record. NOTAPPLICABLE
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">J. Hibbert</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ </Policy>
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID013:policy2" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides" Version="1.0">
+ <Description>
+ Policy2 for Conformance Test IID013.
+ </Description>
+ <Target/>
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID013:rule2">
+ <Description>
+ A subject who is at least 5 years older than Bart
+ Simpson may read Bart Simpson's medical record. PERMIT.
+ </Description>
+ <Condition>
+<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">5</AttributeValue>
+</Apply>
+ </Condition>
+ </Rule>
+ </Policy>
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID013:policy3" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides" Version="1.0">
+ <Description>
+ Policy3 for Conformance Test IID013.
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID013:rule3">
+ <Description>
+ A subject whose "bogus" attribute is "Zaphod Beedlebrox" may not
+ read Bart Simpson's medical record. INDETERMINATE.
+ </Description>
+ <Condition>
+<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bogus" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Zaphod Beedlebrox</AttributeValue>
+</Apply>
+ </Condition>
+ </Rule>
+ </Policy>
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID013:policy4" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides" Version="1.0">
+ <Description>
+ Policy4 for Conformance Test IID013.
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID013:rule4">
+ <Description>
+ A subject whose name is Julius Hibbert
+ may not read Bart Simpson's medical record. DENY.
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ </Policy>
+</PolicySet>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID013Request.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID013Request.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID013Request.xml
new file mode 100755
index 0000000..e5ce678
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID013Request.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd" ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ </Attribute>
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">45</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">10</AttributeValue>
+ </Attribute>
+ </Attributes>
+</Request>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID013Response.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID013Response.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID013Response.xml
new file mode 100755
index 0000000..a5087ec
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID013Response.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Response
+ xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
+ http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd">
+ <Result>
+ <Decision>Permit</Decision>
+ <Status>
+ <StatusCode
+ Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
+ </Status>
+ </Result>
+</Response>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID014Policy.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID014Policy.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID014Policy.xml
new file mode 100755
index 0000000..31de4a9
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID014Policy.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-overrides" PolicySetId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID014:policyset" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+ <Description>
+ PolicySet for Conformance Test IID014.
+ </Description>
+ <Target/>
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID014:policy1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides" Version="1.0">
+ <Description>
+ Policy1 for Conformance Test IID014.
+ Purpose: Case: Deny: PolicyCombiningAlgorithm PermitOverrides
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID014:rule1">
+ <Description>
+ A subject whose name is J. Hibbert may not
+ read Bart Simpson's medical record. NOTAPPLICABLE
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">J. Hibbert</AttributeValue>
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ </Policy>
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID014:policy2" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides" Version="1.0">
+ <Description>
+ Policy2 for Conformance Test IID014.
+ </Description>
+ <Target/>
+ <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID014:rule2">
+ <Description>
+ A subject who is at least 100 years older than Bart
+ Simpson may perform any action on any resource.
+ record. NOT APPLICABLE.
+ </Description>
+ <Condition>
+<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Apply>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">100</AttributeValue>
+</Apply>
+ </Condition>
+ </Rule>
+ </Policy>
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID014:policy4" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides" Version="1.0">
+ <Description>
+ Policy4 for Conformance Test IID014.
+ </Description>
+ <Target/>
+ <Rule Effect="Deny" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IID014:rule4">
+ <Description>
+ A subject whose name is Julius Hibbert may not
+ perform any action on any resource. DENY.
+ </Description>
+ <Condition>
+<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+</Apply>
+ </Condition>
+ </Rule>
+ </Policy>
+</PolicySet>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID014Request.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID014Request.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID014Request.xml
new file mode 100755
index 0000000..e5ce678
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID014Request.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd" ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ </Attribute>
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">45</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ </Attribute>
+ </Attributes>
+ <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
+ <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">10</AttributeValue>
+ </Attribute>
+ </Attributes>
+</Request>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/829582bd/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID014Response.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID014Response.xml b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID014Response.xml
new file mode 100755
index 0000000..e8b3bce
--- /dev/null
+++ b/openaz-xacml-test/src/test/resources/testsets/conformance/xacml3.0-ct-v.0.4/IID014Response.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<Response
+ xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
+ http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd">
+ <Result>
+ <Decision>Deny</Decision>
+ <Status>
+ <StatusCode
+ Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
+ </Status>
+ </Result>
+</Response>