You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openaz.apache.org by pd...@apache.org on 2015/04/13 17:38:05 UTC
[05/51] [partial] incubator-openaz git commit: Initial seed of merged
of AT&T and JP Morgan code
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_deny_D1.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_deny_D1.xml b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_deny_D1.xml
new file mode 100755
index 0000000..7a3ea98
--- /dev/null
+++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_deny_D1.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:82e231ef-24c4-42d7-90da-cdcb1fc2e965" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description></Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Bart</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule RuleId="urn:com:xacml:rule:id:274963c8-a178-48dd-892d-7f53cd7dfbc8" Effect="Deny">
+ <Target/>
+ <ObligationExpressions>
+ <ObligationExpression ObligationId="com:obligation:deny:D1" FulfillOn="Deny"/>
+ </ObligationExpressions>
+ </Rule>
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_deny_D2.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_deny_D2.xml b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_deny_D2.xml
new file mode 100755
index 0000000..75e6e40
--- /dev/null
+++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_deny_D2.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:eb9ea623-f64f-4cb6-a8c0-9c2b934bf11e" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description></Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule RuleId="urn:com:xacml:rule:id:dfa632c1-0b8e-4f67-8c05-4e3b654102e4" Effect="Deny">
+ <Target/>
+ <ObligationExpressions>
+ <ObligationExpression ObligationId="com:obligation:deny:D2" FulfillOn="Deny"/>
+ </ObligationExpressions>
+ </Rule>
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_na.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_na.xml b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_na.xml
new file mode 100755
index 0000000..7deacb8
--- /dev/null
+++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_na.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:6ca0abaf-151e-4da4-a105-1a7cf067db84" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description></Description>
+ <Target/>
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_no_match.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_no_match.xml b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_no_match.xml
new file mode 100755
index 0000000..a3dbdf4
--- /dev/null
+++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_no_match.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:7df0ff38-76e6-4eb5-bf17-e1f54e94b0e7" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description></Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:date-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2014-01-01</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-date" DataType="http://www.w3.org/2001/XMLSchema#date" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_permit_P1.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_permit_P1.xml b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_permit_P1.xml
new file mode 100755
index 0000000..57b1ad2
--- /dev/null
+++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_permit_P1.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:4a897a3a-d874-4eb7-b351-5075c093bb8b" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description></Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Homer</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule RuleId="urn:com:xacml:rule:id:0861ebc7-7560-4df1-aee5-db50012dc740" Effect="Permit">
+ <Target/>
+ <ObligationExpressions>
+ <ObligationExpression ObligationId="com:obligation:permit:P1" FulfillOn="Permit"/>
+ </ObligationExpressions>
+ </Rule>
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_permit_P2.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_permit_P2.xml b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_permit_P2.xml
new file mode 100755
index 0000000..c86b03b
--- /dev/null
+++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/policy_permit_P2.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:4cb8e62f-62a0-43bd-a43d-311d4451536f" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description></Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule RuleId="urn:com:xacml:rule:id:5190a218-2f01-4723-ad30-b9d011d21a15" Effect="Permit">
+ <Target/>
+ <ObligationExpressions>
+ <ObligationExpression ObligationId="com:obligation:permit:P2" FulfillOn="Permit"/>
+ </ObligationExpressions>
+ </Rule>
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.01.Permit.json
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.01.Permit.json b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.01.Permit.json
new file mode 100755
index 0000000..e69f4c3
--- /dev/null
+++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.01.Permit.json
@@ -0,0 +1,28 @@
+{
+ "Request" : {
+ "AccessSubject" : {
+ "Attribute" : [
+ {
+ "Value" : "Homer",
+ "AttributeId" : "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ }
+ ]
+ },
+ "Action" : {
+ "Attribute" : [
+ {
+ "Value" : "write",
+ "AttributeId" : "urn:oasis:names:tc:xacml:1.0:action:action-id"
+ }
+ ]
+ },
+ "Resource" : {
+ "Attribute" : [
+ {
+ "Value" : "foo bar",
+ "AttributeId" : "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ }
+ ]
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.02.Permit.json
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.02.Permit.json b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.02.Permit.json
new file mode 100755
index 0000000..56f8073
--- /dev/null
+++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.02.Permit.json
@@ -0,0 +1,28 @@
+{
+ "Request" : {
+ "AccessSubject" : {
+ "Attribute" : [
+ {
+ "Value" : "Bart",
+ "AttributeId" : "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ }
+ ]
+ },
+ "Action" : {
+ "Attribute" : [
+ {
+ "Value" : "read",
+ "AttributeId" : "urn:oasis:names:tc:xacml:1.0:action:action-id"
+ }
+ ]
+ },
+ "Resource" : {
+ "Attribute" : [
+ {
+ "Value" : "HOF",
+ "AttributeId" : "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ }
+ ]
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.03.Permit.json
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.03.Permit.json b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.03.Permit.json
new file mode 100755
index 0000000..7836028
--- /dev/null
+++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.03.Permit.json
@@ -0,0 +1,28 @@
+{
+ "Request" : {
+ "AccessSubject" : {
+ "Attribute" : [
+ {
+ "Value" : "Homer",
+ "AttributeId" : "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ }
+ ]
+ },
+ "Action" : {
+ "Attribute" : [
+ {
+ "Value" : "read",
+ "AttributeId" : "urn:oasis:names:tc:xacml:1.0:action:action-id"
+ }
+ ]
+ },
+ "Resource" : {
+ "Attribute" : [
+ {
+ "Value" : "HOF",
+ "AttributeId" : "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ }
+ ]
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.04.Deny.json
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.04.Deny.json b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.04.Deny.json
new file mode 100755
index 0000000..792781a
--- /dev/null
+++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.04.Deny.json
@@ -0,0 +1,28 @@
+{
+ "Request" : {
+ "AccessSubject" : {
+ "Attribute" : [
+ {
+ "Value" : "Bart",
+ "AttributeId" : "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ }
+ ]
+ },
+ "Action" : {
+ "Attribute" : [
+ {
+ "Value" : "execute",
+ "AttributeId" : "urn:oasis:names:tc:xacml:1.0:action:action-id"
+ }
+ ]
+ },
+ "Resource" : {
+ "Attribute" : [
+ {
+ "Value" : "foo bar",
+ "AttributeId" : "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ }
+ ]
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.05.Deny.json
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.05.Deny.json b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.05.Deny.json
new file mode 100755
index 0000000..a312cfe
--- /dev/null
+++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.05.Deny.json
@@ -0,0 +1,28 @@
+{
+ "Request" : {
+ "AccessSubject" : {
+ "Attribute" : [
+ {
+ "Value" : "Lisa",
+ "AttributeId" : "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ }
+ ]
+ },
+ "Action" : {
+ "Attribute" : [
+ {
+ "Value" : "write",
+ "AttributeId" : "urn:oasis:names:tc:xacml:1.0:action:action-id"
+ }
+ ]
+ },
+ "Resource" : {
+ "Attribute" : [
+ {
+ "Value" : "foo bar",
+ "AttributeId" : "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ }
+ ]
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.06.Deny.json
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.06.Deny.json b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.06.Deny.json
new file mode 100755
index 0000000..35be36b
--- /dev/null
+++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/requests/Request.06.Deny.json
@@ -0,0 +1,28 @@
+{
+ "Request" : {
+ "AccessSubject" : {
+ "Attribute" : [
+ {
+ "Value" : "Bart",
+ "AttributeId" : "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ }
+ ]
+ },
+ "Action" : {
+ "Attribute" : [
+ {
+ "Value" : "write",
+ "AttributeId" : "urn:oasis:names:tc:xacml:1.0:action:action-id"
+ }
+ ]
+ },
+ "Resource" : {
+ "Attribute" : [
+ {
+ "Value" : "foo bar",
+ "AttributeId" : "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ }
+ ]
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/xacml.properties
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/xacml.properties b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/xacml.properties
new file mode 100755
index 0000000..f984ec7
--- /dev/null
+++ b/openaz-xacml-test/testsets/algorithms/combinedPermitOverrides/xacml.properties
@@ -0,0 +1,46 @@
+#
+# Default XACML Properties File
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory
+
+#
+# When set to true, this flag tells the StdPolicyFinderFactory to combined all the root policy files into
+# into one PolicySet and use the given Policy Algorithm.
+#
+xacml.att.policyFinderFactory.combineRootPolicies=urn:com:att:xacml:3.0:policy-combining-algorithm:combined-permit-overrides
+
+#
+# Set this as the algorithm and you will see request 03 and request 06 only return one obligation.
+#
+#xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable
+
+#
+# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the
+# policies and PIP configuration as defined below. Otherwise, this is the configuration that
+# the embedded PDP uses.
+#
+
+# Policies to load
+#
+#xacml.rootPolicies=p1,p2,d1,d2,na,indet
+xacml.rootPolicies=p1,p2,d1,d2,na,no
+p1.file=testsets/algorithms/combinedPermitOverrides/policy_permit_P1.xml
+p2.file=testsets/algorithms/combinedPermitOverrides/policy_permit_P2.xml
+d1.file=testsets/algorithms/combinedPermitOverrides/policy_deny_D1.xml
+d2.file=testsets/algorithms/combinedPermitOverrides/policy_deny_D2.xml
+na.file=testsets/algorithms/combinedPermitOverrides/policy_na.xml
+no.file=testsets/algorithms/combinedPermitOverrides/policy_no_match.xml
+
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/annotation/AnnotationPolicy.v1.xml
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/testsets/annotation/AnnotationPolicy.v1.xml b/openaz-xacml-test/testsets/annotation/AnnotationPolicy.v1.xml
new file mode 100755
index 0000000..ae838f4
--- /dev/null
+++ b/openaz-xacml-test/testsets/annotation/AnnotationPolicy.v1.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:att:xacml:policy:id:5b82db34-1613-4108-8973-93074182dd94" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description>A sample policy to demonstrate use of annotations in a Java class.</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">www.mywebsite.com</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule RuleId="urn:com:att:xacml:rule:id:8b257f30-4e06-4c8e-8fb7-691b9534d55c" Effect="Permit">
+ <Description>PERMIT - John can access it</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">John</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:4fe7c147-7811-4e30-a463-9135afb1cfc2" Effect="Deny">
+ <Description>DENY - Ringo cannot</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Ringo</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/annotation/xacml.properties
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/testsets/annotation/xacml.properties b/openaz-xacml-test/testsets/annotation/xacml.properties
new file mode 100755
index 0000000..dfa16e7
--- /dev/null
+++ b/openaz-xacml-test/testsets/annotation/xacml.properties
@@ -0,0 +1,37 @@
+#
+# Properties that the embedded PDP engine uses to configure and load
+#
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory
+
+#
+# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the
+# policies and PIP configuration as defined below. Otherwise, this is the configuration that
+# the embedded PDP uses.
+#
+
+# Policies to load
+#
+xacml.rootPolicies=annotations
+annotations.file=testsets/annotation/AnnotationPolicy.v1.xml
+
+# PIP Engine Definition
+#
+xacml.pip.engines=
+
+#
+# These properties are for an attribute generator to build into requests.
+#
+#xacml.attribute.generator=
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml-perf.properties
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/testsets/conformance/xacml-perf.properties b/openaz-xacml-test/testsets/conformance/xacml-perf.properties
new file mode 100755
index 0000000..75b9639
--- /dev/null
+++ b/openaz-xacml-test/testsets/conformance/xacml-perf.properties
@@ -0,0 +1,30 @@
+# Default XACML Properties File
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+#xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+
+# If there is a standard set of PIPEngines:
+# xacml.pip.engines=engine1,engine2,...,engineN
+# engine1.classname=com.att.research.xacmlpip.OraclePIP
+# engine1.prop1=foo
+# engine1.prop2=bar
+# ...
+# engine2.classname=com.att.research.xacmlpip.ActiveDirectoryPIP
+# ...
+#xacml.pip.engines=ConformancePIPEngine
+ConformancePIPEngine.classname=com.att.research.xacmlatt.pdp.test.conformance.ConformancePIPEngine
+ConformancePIPEngine.file=testsets/conformance/xacml3.0-ct-v.0.4/PIP.txt
+
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory
+
+# If there is a standard policy for the engine:
+# xacml.att.stdPolicyFinderFactory.rootPolicyFile=/etc/stdpolicyset.xml
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml.properties
----------------------------------------------------------------------
diff --git a/openaz-xacml-test/testsets/conformance/xacml.properties b/openaz-xacml-test/testsets/conformance/xacml.properties
new file mode 100755
index 0000000..5114d0c
--- /dev/null
+++ b/openaz-xacml-test/testsets/conformance/xacml.properties
@@ -0,0 +1,30 @@
+# Default XACML Properties File
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+#xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+
+# If there is a standard set of PIPEngines:
+# xacml.pip.engines=engine1,engine2,...,engineN
+# engine1.classname=com.att.research.xacmlpip.OraclePIP
+# engine1.prop1=foo
+# engine1.prop2=bar
+# ...
+# engine2.classname=com.att.research.xacmlpip.ActiveDirectoryPIP
+# ...
+xacml.pip.engines=ConformancePIPEngine
+ConformancePIPEngine.classname=com.att.research.xacmlatt.pdp.test.conformance.ConformancePIPEngine
+ConformancePIPEngine.file=testsets/conformance/xacml3.0-ct-v.0.4/PIP.txt
+
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory
+
+# If there is a standard policy for the engine:
+# xacml.att.stdPolicyFinderFactory.rootPolicyFile=/etc/stdpolicyset.xml