You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openaz.apache.org by pd...@apache.org on 2015/04/13 17:38:47 UTC
[47/51] [partial] incubator-openaz git commit: Initial seed of merged
of AT&T and JP Morgan code
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedAuditObligationHandler.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedAuditObligationHandler.java b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedAuditObligationHandler.java
new file mode 100755
index 0000000..c7a6780
--- /dev/null
+++ b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedAuditObligationHandler.java
@@ -0,0 +1,36 @@
+package org.openliberty.openaz.pepapi.std.test.obligation;
+
+import junit.framework.Assert;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.openliberty.openaz.pepapi.Obligation;
+import org.openliberty.openaz.pepapi.ObligationStore;
+import org.openliberty.openaz.pepapi.ObligationStoreAware;
+import org.openliberty.openaz.pepapi.MatchAnyObligation;
+
+import java.util.Set;
+
+@MatchAnyObligation("urn:oasis:names:tc:xacml:2.0:obligation:audit")
+public class AnnotatedAuditObligationHandler implements ObligationStoreAware {
+
+ private static Log log = LogFactory.getLog(AnnotatedAuditObligationHandler.class);
+
+ private ObligationStore obligationStore;
+
+ public void enforce() {
+ Set<Obligation> obligationSet = obligationStore.getHandlerObligations(this.getClass());
+ if(obligationSet.size() == 1) {
+ for(Obligation obligation: obligationSet) {
+ Assert.assertEquals("urn:oasis:names:tc:xacml:2.0:obligation:audit", obligation.getId());
+ log.info(obligation.getId());
+ }
+ }else {
+ Assert.assertFalse(true);
+ }
+ }
+
+ @Override
+ public void setObligationStore(ObligationStore obligationStore) {
+ this.obligationStore = obligationStore;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedCatchAllObligationHandler.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedCatchAllObligationHandler.java b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedCatchAllObligationHandler.java
new file mode 100755
index 0000000..0e74d8d
--- /dev/null
+++ b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedCatchAllObligationHandler.java
@@ -0,0 +1,36 @@
+package org.openliberty.openaz.pepapi.std.test.obligation;
+
+import junit.framework.Assert;
+import org.openliberty.openaz.pepapi.Obligation;
+import org.openliberty.openaz.pepapi.ObligationStore;
+import org.openliberty.openaz.pepapi.ObligationStoreAware;
+import org.openliberty.openaz.pepapi.MatchAnyObligation;
+
+import java.util.HashSet;
+import java.util.Set;
+
+@MatchAnyObligation
+public class AnnotatedCatchAllObligationHandler implements ObligationStoreAware {
+
+ private ObligationStore obligationStore;
+
+ public void enforce() {
+ Set<Obligation> obligationSet = obligationStore.getHandlerObligations(this.getClass());
+ if(obligationSet.size() == 2) {
+ Set<String> obligationIds = new HashSet<String>();
+ for(Obligation oblg: obligationSet){
+ obligationIds.add(oblg.getId());
+ }
+ Assert.assertTrue(obligationIds.contains("urn:oasis:names:tc:xacml:2.0:obligation:obligation-1"));
+ Assert.assertTrue(obligationIds.contains("urn:oasis:names:tc:xacml:2.0:obligation:obligation-2"));
+ }else {
+ Assert.assertFalse(true);
+ }
+
+ }
+
+ @Override
+ public void setObligationStore(ObligationStore obligationStore) {
+ this.obligationStore = obligationStore;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedFilteringObligationHandler.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedFilteringObligationHandler.java b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedFilteringObligationHandler.java
new file mode 100755
index 0000000..29f49a0
--- /dev/null
+++ b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedFilteringObligationHandler.java
@@ -0,0 +1,36 @@
+package org.openliberty.openaz.pepapi.std.test.obligation;
+
+import junit.framework.Assert;
+import org.openliberty.openaz.pepapi.Obligation;
+import org.openliberty.openaz.pepapi.ObligationStore;
+import org.openliberty.openaz.pepapi.ObligationStoreAware;
+import org.openliberty.openaz.pepapi.Attribute;
+import org.openliberty.openaz.pepapi.MatchAllObligationAttributes;
+
+import java.util.Set;
+
+@MatchAllObligationAttributes({
+ @Attribute(id="jpmc:obligation:obligation-type", anyValue="Filtering"),
+ @Attribute(id="urn:oasis:names:tc:xacml:1.0:subject:subject-id")
+})
+public class AnnotatedFilteringObligationHandler implements ObligationStoreAware {
+
+ private ObligationStore obligationStore;
+
+ public void enforce() {
+ Set<Obligation> obligationSet = obligationStore.getHandlerObligations(this.getClass());
+ if(obligationSet.size() == 1) {
+ for(Obligation obligation: obligationSet) {
+ Assert.assertEquals("urn:oasis:names:tc:xacml:2.0:obligation:obligation-1",
+ obligation.getId());
+ }
+ }else {
+ Assert.assertFalse(true);
+ }
+ }
+
+ @Override
+ public void setObligationStore(ObligationStore obligationStore) {
+ this.obligationStore = obligationStore;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedObligationHandler.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedObligationHandler.java b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedObligationHandler.java
new file mode 100755
index 0000000..57d5adf
--- /dev/null
+++ b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedObligationHandler.java
@@ -0,0 +1,19 @@
+package org.openliberty.openaz.pepapi.std.test.obligation;
+
+import org.openliberty.openaz.pepapi.Attribute;
+import org.openliberty.openaz.pepapi.MatchAllObligationAttributes;
+import org.openliberty.openaz.pepapi.MatchAnyObligation;
+
+@MatchAnyObligation({"jpmc:obligation:one","jpmc:obligation:two","jpmc:obligation:three"})
+@MatchAllObligationAttributes({
+ @Attribute(id="jpmc:obligation:obligation-type", anyValue={"FILTERING","REDACTION"}),
+ @Attribute(id="jpmc:resource:attribute:resource-type", anyValue={"Card"}),
+ @Attribute(id="jpmc:obligation:attribute:attribute-1")
+})
+public class AnnotatedObligationHandler {
+
+ public void enforce() {
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedRedactionObligationHandler.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedRedactionObligationHandler.java b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedRedactionObligationHandler.java
new file mode 100755
index 0000000..780a69e
--- /dev/null
+++ b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AnnotatedRedactionObligationHandler.java
@@ -0,0 +1,35 @@
+package org.openliberty.openaz.pepapi.std.test.obligation;
+
+import junit.framework.Assert;
+import org.openliberty.openaz.pepapi.Obligation;
+import org.openliberty.openaz.pepapi.ObligationStore;
+import org.openliberty.openaz.pepapi.ObligationStoreAware;
+import org.openliberty.openaz.pepapi.Attribute;
+import org.openliberty.openaz.pepapi.MatchAllObligationAttributes;
+
+import java.util.Set;
+
+@MatchAllObligationAttributes(
+ @Attribute(id="urn:oasis:names:tc:xacml:1.0:subject:age")
+)
+public class AnnotatedRedactionObligationHandler implements ObligationStoreAware {
+
+ private ObligationStore obligationStore;
+
+ public void enforce() {
+ Set<Obligation> obligationSet = obligationStore.getHandlerObligations(this.getClass());
+ if(obligationSet.size() == 1) {
+ for(Obligation obligation: obligationSet) {
+ Assert.assertEquals("urn:oasis:names:tc:xacml:2.0:obligation:obligation-2",
+ obligation.getId());
+ }
+ }else {
+ Assert.assertFalse(true);
+ }
+ }
+
+ @Override
+ public void setObligationStore(ObligationStore obligationStore) {
+ this.obligationStore = obligationStore;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AuditObligationHandler.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AuditObligationHandler.java b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AuditObligationHandler.java
new file mode 100755
index 0000000..64c6c41
--- /dev/null
+++ b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/AuditObligationHandler.java
@@ -0,0 +1,37 @@
+package org.openliberty.openaz.pepapi.std.test.obligation;
+
+import junit.framework.Assert;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.openliberty.openaz.pepapi.Obligation;
+import org.openliberty.openaz.pepapi.ObligationHandler;
+import org.openliberty.openaz.pepapi.ObligationStore;
+
+import java.util.Set;
+
+public class AuditObligationHandler implements ObligationHandler {
+
+ private static Log log = LogFactory.getLog(AuditObligationHandler.class);
+
+ private ObligationStore obligationStore;
+
+ public void enforce() {
+ Set<Obligation> auditOblgSet = obligationStore.getHandlerObligations(this.getClass());
+ Assert.assertEquals(true, auditOblgSet.size() == 1);
+ Obligation auditOblg = obligationStore.getHandlerObligationById(
+ this.getClass(),
+ "urn:oasis:names:tc:xacml:2.0:obligation:audit");
+ Assert.assertNotNull(auditOblg);
+ log.info(auditOblg.getId());
+ }
+
+ @Override
+ public boolean match(Obligation t) {
+ return t.getId().equals("urn:oasis:names:tc:xacml:2.0:obligation:audit");
+ }
+
+ @Override
+ public void setObligationStore(ObligationStore obligationStore) {
+ this.obligationStore = obligationStore;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/CatchAllObligationHandler.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/CatchAllObligationHandler.java b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/CatchAllObligationHandler.java
new file mode 100755
index 0000000..68732f3
--- /dev/null
+++ b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/CatchAllObligationHandler.java
@@ -0,0 +1,41 @@
+package org.openliberty.openaz.pepapi.std.test.obligation;
+
+import junit.framework.Assert;
+import org.openliberty.openaz.pepapi.Obligation;
+import org.openliberty.openaz.pepapi.ObligationHandler;
+import org.openliberty.openaz.pepapi.ObligationStore;
+
+import java.util.HashSet;
+import java.util.Set;
+
+
+public class CatchAllObligationHandler implements ObligationHandler {
+
+ private ObligationStore obligationStore;
+
+ public void enforce() {
+ Set<Obligation> obligationSet = obligationStore.getHandlerObligations(this.getClass());
+ if(obligationSet.size() == 2) {
+ Set<String> obligationIds = new HashSet<String>();
+ for(Obligation oblg: obligationSet){
+ obligationIds.add(oblg.getId());
+ }
+ Assert.assertTrue(obligationIds.contains("urn:oasis:names:tc:xacml:2.0:obligation:obligation-1"));
+ Assert.assertTrue(obligationIds.contains("urn:oasis:names:tc:xacml:2.0:obligation:obligation-2"));
+ }else {
+ Assert.assertFalse(true);
+ }
+
+ }
+
+ @Override
+ public boolean match(Obligation obligation) {
+ return true;
+ }
+
+ @Override
+ public void setObligationStore(ObligationStore obligationStore) {
+ this.obligationStore = obligationStore;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/FilteringObligationHandler.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/FilteringObligationHandler.java b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/FilteringObligationHandler.java
new file mode 100755
index 0000000..427b1e3
--- /dev/null
+++ b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/FilteringObligationHandler.java
@@ -0,0 +1,45 @@
+package org.openliberty.openaz.pepapi.std.test.obligation;
+
+import junit.framework.Assert;
+import org.openliberty.openaz.pepapi.Obligation;
+import org.openliberty.openaz.pepapi.ObligationHandler;
+import org.openliberty.openaz.pepapi.ObligationStore;
+
+import java.util.Map;
+import java.util.Set;
+
+public class FilteringObligationHandler implements ObligationHandler {
+
+ private ObligationStore obligationStore;
+
+ public void enforce() {
+ Set<Obligation> obligationSet = obligationStore.getHandlerObligations(this.getClass());
+ if(obligationSet.size() == 1) {
+ for(Obligation obligation: obligationSet) {
+ Assert.assertEquals("urn:oasis:names:tc:xacml:2.0:obligation:obligation-1",
+ obligation.getId());
+ }
+ }else {
+ Assert.assertFalse(true);
+ }
+ }
+
+ @Override
+ public boolean match(Obligation obligation) {
+ Map<String, Object[]> map = obligation.getAttributeMap();
+ if(map.containsKey("jpmc:obligation:obligation-type")) {
+ Object[] values = map.get("jpmc:obligation:obligation-type");
+ if(values != null && values.length != 0) {
+ for(Object value: values) {
+ return value.equals("Filtering");
+ }
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public void setObligationStore(ObligationStore obligationStore) {
+ this.obligationStore = obligationStore;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/RedactionObligationHandler.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/RedactionObligationHandler.java b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/RedactionObligationHandler.java
new file mode 100755
index 0000000..7a262b0
--- /dev/null
+++ b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/obligation/RedactionObligationHandler.java
@@ -0,0 +1,37 @@
+package org.openliberty.openaz.pepapi.std.test.obligation;
+
+import junit.framework.Assert;
+import org.openliberty.openaz.pepapi.Obligation;
+import org.openliberty.openaz.pepapi.ObligationHandler;
+import org.openliberty.openaz.pepapi.ObligationStore;
+
+import java.util.Map;
+import java.util.Set;
+
+public class RedactionObligationHandler implements ObligationHandler {
+
+ private ObligationStore obligationStore;
+
+ public void enforce() {
+ Set<Obligation> obligationSet = obligationStore.getHandlerObligations(this.getClass());
+ if(obligationSet.size() == 1) {
+ for(Obligation obligation: obligationSet) {
+ Assert.assertEquals("urn:oasis:names:tc:xacml:2.0:obligation:obligation-2",
+ obligation.getId());
+ }
+ }else {
+ Assert.assertFalse(true);
+ }
+ }
+
+ @Override
+ public boolean match(Obligation obligation) {
+ Map<String, Object[]> map = obligation.getAttributeMap();
+ return map.containsKey("urn:oasis:names:tc:xacml:1.0:subject:age");
+ }
+
+ @Override
+ public void setObligationStore(ObligationStore obligationStore) {
+ this.obligationStore = obligationStore;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/util/AzInvoker.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/util/AzInvoker.java b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/util/AzInvoker.java
new file mode 100755
index 0000000..e6b524a
--- /dev/null
+++ b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/util/AzInvoker.java
@@ -0,0 +1,53 @@
+package org.openliberty.openaz.pepapi.std.test.util;
+
+import org.openliberty.openaz.pepapi.PepAgent;
+import org.openliberty.openaz.pepapi.PepResponse;
+
+import java.util.concurrent.Callable;
+
+
+public class AzInvoker implements Callable<String> {
+
+ private final PepAgent pepAgent;
+
+ private final Object subject;
+
+ private final Object action;
+
+ private final Object resource;
+
+ private final long sleepDuration;
+
+ private final HasResult handler;
+
+ public AzInvoker(PepAgent pepAgent, Object subject, Object action,
+ Object resource, HasResult handler, long sleepDuration) {
+ this.pepAgent = pepAgent;
+ this.subject = subject;
+ this.action = action;
+ this.resource = resource;
+ this.handler = handler;
+ this.sleepDuration = sleepDuration;
+ }
+
+ private String invoke()throws InterruptedException{
+ PepResponse response = pepAgent.decide(subject, action, resource);
+ if(response != null){
+ response.allowed();
+ }
+ Thread.sleep(this.sleepDuration);
+ return handler.getResult();
+ }
+
+ public String call() throws Exception {
+ return invoke();
+ }
+
+ public long getSleepDuration() {
+ return sleepDuration;
+ }
+
+ public HasResult getPep() {
+ return handler;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/util/HasResult.java
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/util/HasResult.java b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/util/HasResult.java
new file mode 100755
index 0000000..c22258f
--- /dev/null
+++ b/openaz-pep/src/test/java/org/openliberty/openaz/pepapi/std/test/util/HasResult.java
@@ -0,0 +1,7 @@
+package org.openliberty.openaz.pepapi.std.test.util;
+
+public interface HasResult {
+
+ public String getResult();
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/resources/log4j.xml
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/log4j.xml b/openaz-pep/src/test/resources/log4j.xml
new file mode 100755
index 0000000..ff481f9
--- /dev/null
+++ b/openaz-pep/src/test/resources/log4j.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<log4j:configuration xmlns:log4j='http://jakarta.apache.org/log4j/'>
+
+ <appender name="consoleAppender" class="org.apache.log4j.ConsoleAppender">
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d{HH:mm:ss.SSS} [%t] %5p %c{1} - %m%n"/>
+ </layout>
+ </appender>
+
+ <appender name="fileAppender" class="org.apache.log4j.RollingFileAppender">
+ <param name="append" value="false"/>
+ <param name="file" value="target/openaz-junit-tests.log"/>
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d{HH:mm:ss.SSS} [%t] %5p %c{1} - %m%n"/>
+ </layout>
+ </appender>
+
+ <logger name="org.openliberty.openaz">
+ <level value="debug"/>
+ </logger>
+
+ <logger name="org.springframework">
+ <level value="error"/>
+ </logger>
+
+ <root>
+ <level value="debug"/>
+ <appender-ref ref="consoleAppender"/>
+ <!-- <appender-ref ref="fileAppender"/> -->
+ </root>
+
+</log4j:configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/resources/policies/TestPolicy001.xml
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/policies/TestPolicy001.xml b/openaz-pep/src/test/resources/policies/TestPolicy001.xml
new file mode 100755
index 0000000..4f2a711
--- /dev/null
+++ b/openaz-pep/src/test/resources/policies/TestPolicy001.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyId="urn:oasis:names:tc:xacml:2.0:test001:policy"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+ <Description></Description>
+ <Target/>
+ <Rule RuleId="urn:oasis:names:tc:xacml:1.0:test001:rule-1" Effect="Permit">
+ <Description>
+ Julius Hibbert can read or write Bart Simpson's medical record.
+ </Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">http://medico.com/record/patient/BartSimpson</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/resources/policies/TestPolicy002.xml
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/policies/TestPolicy002.xml b/openaz-pep/src/test/resources/policies/TestPolicy002.xml
new file mode 100755
index 0000000..d0308c9
--- /dev/null
+++ b/openaz-pep/src/test/resources/policies/TestPolicy002.xml
@@ -0,0 +1,125 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Policy
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ PolicyId="urn:oasis:names:tc:xacml:1.0:conformance-test:IIA2:policy"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
+ <Description>
+ Policy for Conformance Test IIA001.
+ </Description>
+ <Target/>
+ <Rule
+ RuleId="urn:oasis:names:tc:xacml:1.0:test-2:rule-1"
+ Effect="Permit">
+ <Description>
+ Physicians can read or write Bart Simpson's medical record.
+ </Description>
+ <Target>
+ <Subjects>
+ <Subject>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">Physician</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:role-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ </Subject>
+ </Subjects>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">http://medico.com/record/patient/BartSimpson</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ <Actions>
+ <Action>
+ <ActionMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ <ActionAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ActionMatch>
+ </Action>
+ <Action>
+ <ActionMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
+ <ActionAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ActionMatch>
+ </Action>
+ </Actions>
+ </Target>
+ </Rule>
+ <Rule
+ RuleId="urn:oasis:names:tc:xacml:1.0:test-2:rule-2"
+ Effect="Permit">
+ <Description>
+ Patient is allowed to read his/her medical record.
+ </Description>
+ <Target>
+ <Subjects>
+ <Subject>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">Patient</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:role-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ </Subject>
+ </Subjects>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">http://medico.com/record/patient/BartSimpson</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ <Actions>
+ <Action>
+ <ActionMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ <ActionAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ActionMatch>
+ </Action>
+ </Actions>
+ </Target>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-owner"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"
+ SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" />
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/resources/policies/TestPolicy003.xml
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/policies/TestPolicy003.xml b/openaz-pep/src/test/resources/policies/TestPolicy003.xml
new file mode 100755
index 0000000..f730e34
--- /dev/null
+++ b/openaz-pep/src/test/resources/policies/TestPolicy003.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyId="urn:oasis:names:tc:xacml:2.0:test003:policy"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+ <Description></Description>
+ <Target/>
+ <Rule RuleId="urn:oasis:names:tc:xacml:2.0:test003:rule1" Effect="Permit">
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">John Smith</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI">file://repository/classified/abc</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">view</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:oasis:names:tc:xacml:2.0:test003:rule2" Effect="Permit">
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">John Smith</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI">file://repository/classified/xyz</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#anyURI" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">view</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:oasis:names:tc:xacml:1.0:conformance-test:IIA3:rule3" Effect="Permit">
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">John Smith</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:integer-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#integer">101</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">view</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/resources/policies/TestPolicy004.xml
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/policies/TestPolicy004.xml b/openaz-pep/src/test/resources/policies/TestPolicy004.xml
new file mode 100755
index 0000000..83ec917
--- /dev/null
+++ b/openaz-pep/src/test/resources/policies/TestPolicy004.xml
@@ -0,0 +1,116 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyId="urn:oasis:names:tc:xacml:2.0:test004:policy"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+ <Description></Description>
+ <Target/>
+ <Rule
+ RuleId="urn:oasis:names:tc:xacml:1.0:mapper-test:rule1"
+ Effect="Permit">
+ <Description></Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">ROLE_DOCUMENT_WRITER</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:role-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">Document</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-type"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="jpmc:document:document-owner"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule
+ RuleId="urn:oasis:names:tc:xacml:1.0:mapper-test:rule2"
+ Effect="Permit">
+ <Description></Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">ROLE_DOCUMENT_READER</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:role-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Document</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-type"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator AttributeId="jpmc:client:country-of-domicile"
+ Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator AttributeId="jpmc:request-context:country"
+ Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
+ DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/resources/policies/TestPolicy005.xml
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/policies/TestPolicy005.xml b/openaz-pep/src/test/resources/policies/TestPolicy005.xml
new file mode 100755
index 0000000..e8d43b5
--- /dev/null
+++ b/openaz-pep/src/test/resources/policies/TestPolicy005.xml
@@ -0,0 +1,190 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:oasis:names:tc:xacml:2.0:test005:policyset"
+ PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable">
+ <Description>
+ PolicySet for Test 005.
+ </Description>
+ <Target/>
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:test005:policy1"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description>
+ Policy for Test 005.
+ </Description>
+ <Target/>
+ <Rule RuleId="urn:oasis:names:tc:xacml:2.0:test005:rule1"
+ Effect="Permit">
+ <Target>
+ <Subjects>
+ <Subject>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">Physician</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:role-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ </Subject>
+ </Subjects>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">PatientMedicalRecord</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ <Actions>
+ <Action>
+ <ActionMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ <ActionAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ActionMatch>
+ </Action>
+ </Actions>
+ </Target>
+ </Rule>
+ <Obligations>
+ <Obligation
+ ObligationId="urn:oasis:names:tc:xacml:2.0:obligation:simpletest"
+ FulfillOn="Permit">
+ <AttributeAssignment
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">EVAL_SUBJECT_ATTRIBUTE</AttributeAssignment>
+ </Obligation>
+ </Obligations>
+ </Policy>
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:test005:policy2"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description>
+ Policy for Test 005.
+ </Description>
+ <Target/>
+ <Rule RuleId="urn:oasis:names:tc:xacml:2.0:test005:rule2"
+ Effect="Permit">
+ <Target>
+ <Subjects>
+ <Subject>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">Patient</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:role-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ </Subject>
+ </Subjects>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">PatientMedicalRecord</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ <Actions>
+ <Action>
+ <ActionMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ <ActionAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ActionMatch>
+ </Action>
+ </Actions>
+ </Target>
+ </Rule>
+ <Obligations>
+ <Obligation
+ ObligationId="urn:oasis:names:tc:xacml:2.0:obligation:age-restriction"
+ FulfillOn="Permit">
+ <AttributeAssignment
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:age"
+ DataType="http://www.w3.org/2001/XMLSchema#string">EVAL_SUBJECT_ATTRIBUTE</AttributeAssignment>
+ </Obligation>
+ <Obligation
+ ObligationId="urn:oasis:names:tc:xacml:2.0:obligation:audit"
+ FulfillOn="Permit"/>
+ </Obligations>
+ </Policy>
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:test005:policy3"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description>
+ Policy for Test 005.
+ </Description>
+ <Target/>
+ <Rule RuleId="urn:oasis:names:tc:xacml:2.0:test005:rule3"
+ Effect="Permit">
+ <Target>
+ <Subjects>
+ <Subject>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">InsuranceAgent</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:role-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ </Subject>
+ </Subjects>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">PatientMedicalRecord</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-type"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ <Actions>
+ <Action>
+ <ActionMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ <ActionAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ActionMatch>
+ </Action>
+ </Actions>
+ </Target>
+ </Rule>
+ <Obligations>
+ <Obligation
+ ObligationId="urn:oasis:names:tc:xacml:2.0:obligation:access-restriction"
+ FulfillOn="Permit">
+ <AttributeAssignment
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-access-group"
+ DataType="http://www.w3.org/2001/XMLSchema#string">EVAL_RESOURCE_ATTRIBUTE</AttributeAssignment>
+ <AttributeAssignment
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">EVAL_SUBJECT_ATTRIBUTE</AttributeAssignment>
+ </Obligation>
+ </Obligations>
+ </Policy>
+</PolicySet>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/resources/policies/TestPolicy006.xml
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/policies/TestPolicy006.xml b/openaz-pep/src/test/resources/policies/TestPolicy006.xml
new file mode 100755
index 0000000..d609e58
--- /dev/null
+++ b/openaz-pep/src/test/resources/policies/TestPolicy006.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PolicySet
+ xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
+ access_control-xacml-2.0-policy-schema-os.xsd"
+ PolicySetId="urn:oasis:names:tc:xacml:2.0:test005:policyset"
+ PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable">
+ <Description>
+ PolicySet for Test 005.
+ </Description>
+ <Target/>
+ <Policy PolicyId="urn:oasis:names:tc:xacml:2.0:test005:policy1"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description>
+ Policy for Test 005.
+ </Description>
+ <Target/>
+ <Rule RuleId="urn:oasis:names:tc:xacml:2.0:test005:rule1"
+ Effect="Permit">
+ <Target>
+ <Subjects>
+ <Subject>
+ <SubjectMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">John Smith</AttributeValue>
+ <SubjectAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </SubjectMatch>
+ </Subject>
+ </Subjects>
+ <Resources>
+ <Resource>
+ <ResourceMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">resource1</AttributeValue>
+ <ResourceAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ResourceMatch>
+ </Resource>
+ </Resources>
+ <Actions>
+ <Action>
+ <ActionMatch
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">view</AttributeValue>
+ <ActionAttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"/>
+ </ActionMatch>
+ </Action>
+ </Actions>
+ </Target>
+ </Rule>
+ <Obligations>
+ <Obligation
+ ObligationId="urn:oasis:names:tc:xacml:2.0:obligation:obligation-1"
+ FulfillOn="Permit">
+ <AttributeAssignment
+ AttributeId="jpmc:obligation:obligation-type"
+ DataType="http://www.w3.org/2001/XMLSchema#string">Filtering</AttributeAssignment>
+ <AttributeAssignment
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string">EVAL_SUBJECT_ATTRIBUTE</AttributeAssignment>
+ </Obligation>
+ <Obligation
+ ObligationId="urn:oasis:names:tc:xacml:2.0:obligation:obligation-2"
+ FulfillOn="Permit">
+ <AttributeAssignment
+ AttributeId="urn:oasis:names:tc:xacml:1.0:subject:age"
+ DataType="http://www.w3.org/2001/XMLSchema#string">EVAL_SUBJECT_ATTRIBUTE</AttributeAssignment>
+ </Obligation>
+ </Obligations>
+ </Policy>
+</PolicySet>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/resources/properties/testapi.xacml.properties
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/properties/testapi.xacml.properties b/openaz-pep/src/test/resources/properties/testapi.xacml.properties
new file mode 100755
index 0000000..b45d2c1
--- /dev/null
+++ b/openaz-pep/src/test/resources/properties/testapi.xacml.properties
@@ -0,0 +1,20 @@
+# Default XACML Properties File
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory
+
+xacml.rootPolicies=testPolicy
+testPolicy.file=src/test/resources/policies/TestPolicy001.xml
+
+# If there is a standard policy for the engine:
+# xacml.att.stdPolicyFinderFactory.rootPolicyFile=/etc/stdpolicyset.xml
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/resources/properties/testdatatypes.xacml.properties
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/properties/testdatatypes.xacml.properties b/openaz-pep/src/test/resources/properties/testdatatypes.xacml.properties
new file mode 100755
index 0000000..cb6d77b
--- /dev/null
+++ b/openaz-pep/src/test/resources/properties/testdatatypes.xacml.properties
@@ -0,0 +1,20 @@
+# Default XACML Properties File
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory
+
+xacml.rootPolicies=testPolicy
+testPolicy.file=src/test/resources/policies/TestPolicy003.xml
+
+# If there is a standard policy for the engine:
+# xacml.att.stdPolicyFinderFactory.rootPolicyFile=/etc/stdpolicyset.xml
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/src/test/resources/properties/testmapper.xacml.properties
----------------------------------------------------------------------
diff --git a/openaz-pep/src/test/resources/properties/testmapper.xacml.properties b/openaz-pep/src/test/resources/properties/testmapper.xacml.properties
new file mode 100755
index 0000000..12e1754
--- /dev/null
+++ b/openaz-pep/src/test/resources/properties/testmapper.xacml.properties
@@ -0,0 +1,24 @@
+# Default XACML Properties File
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory
+
+xacml.rootPolicies=testPolicy
+testPolicy.file=src/test/resources/policies/TestPolicy004.xml
+
+#pep properties
+pep.issuer=test
+pep.mapper.classes=org.openliberty.openaz.pepapi.std.test.mapper.BusinessRequestContextMapper,\
+ org.openliberty.openaz.pepapi.std.test.mapper.DocumentMapper, \
+ org.openliberty.openaz.pepapi.std.test.mapper.ClientMapper, \
+ org.openliberty.openaz.pepapi.std.test.mapper.MedicalRecordMapper
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Action.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Action.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Action.class
new file mode 100644
index 0000000..2337848
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Action.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ActionResourcePair.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ActionResourcePair.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ActionResourcePair.class
new file mode 100644
index 0000000..4ed0074
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ActionResourcePair.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Advice.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Advice.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Advice.class
new file mode 100644
index 0000000..5663013
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Advice.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Attribute.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Attribute.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Attribute.class
new file mode 100644
index 0000000..3ca8211
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Attribute.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/CategoryContainer.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/CategoryContainer.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/CategoryContainer.class
new file mode 100644
index 0000000..55f44fa
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/CategoryContainer.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Environment.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Environment.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Environment.class
new file mode 100644
index 0000000..2c2d853
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Environment.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/InvalidAnnotationException.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/InvalidAnnotationException.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/InvalidAnnotationException.class
new file mode 100644
index 0000000..3c8156c
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/InvalidAnnotationException.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/MapperRegistry.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/MapperRegistry.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/MapperRegistry.class
new file mode 100644
index 0000000..c90e3dc
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/MapperRegistry.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/MatchAllObligationAttributes.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/MatchAllObligationAttributes.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/MatchAllObligationAttributes.class
new file mode 100644
index 0000000..559631e
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/MatchAllObligationAttributes.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/MatchAnyObligation.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/MatchAnyObligation.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/MatchAnyObligation.class
new file mode 100644
index 0000000..b177a57
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/MatchAnyObligation.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Matchable.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Matchable.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Matchable.class
new file mode 100644
index 0000000..e68def5
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Matchable.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObjectMapper.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObjectMapper.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObjectMapper.class
new file mode 100644
index 0000000..f734523
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObjectMapper.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Obligation.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Obligation.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Obligation.class
new file mode 100644
index 0000000..58100f3
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Obligation.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationHandler.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationHandler.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationHandler.class
new file mode 100644
index 0000000..380ef97
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationHandler.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationHandlerRegistry.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationHandlerRegistry.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationHandlerRegistry.class
new file mode 100644
index 0000000..c00f13b
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationHandlerRegistry.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationRouter.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationRouter.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationRouter.class
new file mode 100644
index 0000000..7f340b4
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationRouter.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationStore.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationStore.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationStore.class
new file mode 100644
index 0000000..2d7c325
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationStore.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationStoreAware.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationStoreAware.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationStoreAware.class
new file mode 100644
index 0000000..d028684
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/ObligationStoreAware.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepAgent.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepAgent.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepAgent.class
new file mode 100644
index 0000000..867d637
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepAgent.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepAgentFactory.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepAgentFactory.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepAgentFactory.class
new file mode 100644
index 0000000..ad8c396
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepAgentFactory.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepConfig.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepConfig.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepConfig.class
new file mode 100644
index 0000000..b99e517
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepConfig.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepException.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepException.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepException.class
new file mode 100644
index 0000000..bbf8f9f
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepException.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepRequest.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepRequest.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepRequest.class
new file mode 100644
index 0000000..17b60d9
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepRequest.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepRequestAttributes.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepRequestAttributes.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepRequestAttributes.class
new file mode 100644
index 0000000..a883e56
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepRequestAttributes.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepRequestFactory.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepRequestFactory.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepRequestFactory.class
new file mode 100644
index 0000000..528ae1c
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepRequestFactory.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepResponse.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepResponse.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepResponse.class
new file mode 100644
index 0000000..5ca7518
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepResponse.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepResponseBehavior.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepResponseBehavior.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepResponseBehavior.class
new file mode 100644
index 0000000..ffae897
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepResponseBehavior.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepResponseFactory.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepResponseFactory.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepResponseFactory.class
new file mode 100644
index 0000000..4e8444f
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepResponseFactory.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepResponseType.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepResponseType.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepResponseType.class
new file mode 100644
index 0000000..f29a013
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PepResponseType.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PostDecisionHandler.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PostDecisionHandler.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PostDecisionHandler.class
new file mode 100644
index 0000000..42a8847
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PostDecisionHandler.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PreDecisionHandler.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PreDecisionHandler.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PreDecisionHandler.class
new file mode 100644
index 0000000..f063d54
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/PreDecisionHandler.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Resource.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Resource.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Resource.class
new file mode 100644
index 0000000..ed02ad2
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Resource.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Subject.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Subject.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Subject.class
new file mode 100644
index 0000000..4bc1534
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/Subject.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/UnhandleableObligationException.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/UnhandleableObligationException.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/UnhandleableObligationException.class
new file mode 100644
index 0000000..28d8c6f
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/UnhandleableObligationException.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/ActionMapper.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/ActionMapper.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/ActionMapper.class
new file mode 100644
index 0000000..289d996
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/ActionMapper.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/ActionResourcePairMapper.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/ActionResourcePairMapper.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/ActionResourcePairMapper.class
new file mode 100644
index 0000000..137c003
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/ActionResourcePairMapper.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/ArrayMapper.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/ArrayMapper.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/ArrayMapper.class
new file mode 100644
index 0000000..e1d5084
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/ArrayMapper.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/CategoryContainerMapper.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/CategoryContainerMapper.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/CategoryContainerMapper.class
new file mode 100644
index 0000000..bdc1594
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/CategoryContainerMapper.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/CollectionMapper.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/CollectionMapper.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/CollectionMapper.class
new file mode 100644
index 0000000..886b01e
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/CollectionMapper.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/MatchAnyCriterion.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/MatchAnyCriterion.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/MatchAnyCriterion.class
new file mode 100644
index 0000000..0d05e93
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/MatchAnyCriterion.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/MultiRequest.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/MultiRequest.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/MultiRequest.class
new file mode 100644
index 0000000..c78308b
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/MultiRequest.class differ
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/ObligationAttributeCriterion.class
----------------------------------------------------------------------
diff --git a/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/ObligationAttributeCriterion.class b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/ObligationAttributeCriterion.class
new file mode 100644
index 0000000..46edec4
Binary files /dev/null and b/openaz-pep/target/classes/org/openliberty/openaz/pepapi/std/ObligationAttributeCriterion.class differ