http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA001Policy.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA001Policy.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA001Policy.xml new file mode 100755 index 0000000..d6e4f4f --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA001Policy.xml @@ -0,0 +1,44 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd"> + <Description> + Policy for Conformance Test IIA001. + </Description> + <Target/> + <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:rule"> + <Description> + Julius Hibbert can read or write Bart Simpson's medical record. + </Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#anyURI"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>write</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> +</Policy>
http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA001Request.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA001Request.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA001Request.xml new file mode 100755 index 0000000..a1aa16f --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA001Request.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="utf-8"?> +<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd"; ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> + <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" /> +</Request> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA001Response.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA001Response.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA001Response.xml new file mode 100755 index 0000000..6d9d852 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA001Response.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Response + xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 + http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd";> + <Result> + <Decision>Permit</Decision> + <Status> + <StatusCode + Value="urn:oasis:names:tc:xacml:1.0:status:ok"/> + </Status> + </Result> +</Response> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA002Policy.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA002Policy.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA002Policy.xml new file mode 100755 index 0000000..b0f83da --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA002Policy.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA002:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd"> + <Description> + Policy for Conformance Test IIA002. + </Description> + <Target/> + <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA002:rule"> + <Description> + A AllOf with a role attribute of "Physician" can read or + write Bart Simpson's medical record. + </Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Physician</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:example:attribute:role" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#anyURI"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>write</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> +</Policy> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA002Request.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA002Request.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA002Request.xml new file mode 100755 index 0000000..a1aa16f --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA002Request.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="utf-8"?> +<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd"; ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> + <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" /> +</Request> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA002Response.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA002Response.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA002Response.xml new file mode 100755 index 0000000..6d9d852 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA002Response.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Response + xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 + http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd";> + <Result> + <Decision>Permit</Decision> + <Status> + <StatusCode + Value="urn:oasis:names:tc:xacml:1.0:status:ok"/> + </Status> + </Result> +</Response> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA003Policy.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA003Policy.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA003Policy.xml new file mode 100755 index 0000000..d0f2480 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA003Policy.xml @@ -0,0 +1,46 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA003:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd"> + <Description> + Policy for Conformance Test IIA003. + </Description> + <Target/> + <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA003:rule"> + <Description> + A subject with a "bogus" attribute with a value of + "Physician" can read or write Bart Simpson's medical + record. + </Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Physician</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:attribute:bogus" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#anyURI"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>write</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> +</Policy> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA003Request.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA003Request.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA003Request.xml new file mode 100755 index 0000000..9db2680 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA003Request.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="utf-8"?> +<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd"; ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> + <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" /> +</Request> + http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA003Response.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA003Response.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA003Response.xml new file mode 100755 index 0000000..d07bedf --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA003Response.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Response + xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 + http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd";> + <Result> + <Decision>NotApplicable</Decision> + <Status> + <StatusCode + Value="urn:oasis:names:tc:xacml:1.0:status:ok"/> + </Status> + </Result> +</Response> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA003mvbPolicy.txt ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA003mvbPolicy.txt b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA003mvbPolicy.txt new file mode 100755 index 0000000..1e0d54b --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA003mvbPolicy.txt @@ -0,0 +1,68 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Policy + xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os + access_control-xacml-2.0-policy-schema-os.xsd" + PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA003:policy" + RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides"> + <Description> + Policy for Conformance Test IIA003. + </Description> + <Target/> + <Rule + RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA003:rule" + Effect="Permit"> + <Description> + A subject with a "bogus" attribute with a value of + "Physician" can read or write Bart Simpson's medical + record. + </Description> + <Target> + <Subjects> + <Subject> + <SubjectMatch + MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#string";>Physician</AttributeValue> + <SubjectAttributeDesignator + </SubjectMatch> + </Subject> + </Subjects> + <Resources> + <Resource> + <ResourceMatch + MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal"> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + <ResourceAttributeDesignator + AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" + DataType="http://www.w3.org/2001/XMLSchema#anyURI"/> + </ResourceMatch> + </Resource> + </Resources> + <Actions> + <Action> + <ActionMatch + MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + <ActionAttributeDesignator + AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" + DataType="http://www.w3.org/2001/XMLSchema#string"/> + </ActionMatch> + </Action> + <Action> + <ActionMatch + MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue + DataType="http://www.w3.org/2001/XMLSchema#string";>write</AttributeValue> + <ActionAttributeDesignator + AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" + DataType="http://www.w3.org/2001/XMLSchema#string"/> + </ActionMatch> + </Action> + </Actions> + </Target> + </Rule> +</Policy> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA004Policy.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA004Policy.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA004Policy.xml new file mode 100755 index 0000000..f1be4a3 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA004Policy.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd"> + <Description> + Policy for Conformance Test IIA004. + This policy contains INTENTIONAL syntax error in AttributeDesigntor, + AttributeIt attribute is omitted. + </Description> + <Target/> + <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:rule"> + <Description> + Julius Hibbert can read or write Bart Simpson's medical + record: syntax for the SubjectAttributeDesignator omits + the required AttributeId xml attribute, however. + </Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#anyURI"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>write</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> +</Policy> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA004Request.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA004Request.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA004Request.xml new file mode 100755 index 0000000..9753956 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA004Request.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="utf-8"?> +<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd"; ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> + <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" /> +</Request> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA004Response.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA004Response.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA004Response.xml new file mode 100755 index 0000000..bc4223e --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA004Response.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Response + xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 + http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd";> + <Result> + <Decision>Indeterminate</Decision> + <Status> + <StatusCode + Value="urn:oasis:names:tc:xacml:1.0:status:syntax-error"/> + </Status> + </Result> +</Response> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA004Special.txt ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA004Special.txt b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA004Special.txt new file mode 100755 index 0000000..324cad2 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA004Special.txt @@ -0,0 +1,18 @@ +Special Instructions for Test Case II.A.4 + +The policy for this test contains a syntax error. + +If an initial policy with invalid syntax MAY EVER be evaluated by +the implementation's XACML PDP at the time a Request is received, +then this test MUST be passed. In this case, the result MUST be +consistent with the supplied IIA004Response.xml file: it returns +a Decision of Indeterminate with a StatusCode value of +"urn:oasis:names:tc:xacml:1.0:status:syntax-error". + +If the implementation's XACML PDP CAN NEVER attempt to evaluate +an initial policy with invalid syntax, then the implementation +MUST demonstrate that the policy in IIA004Policy.xml will be +rejected by whatever entity is responsible for validating policy +syntax in the system in which the XACML PDP will be used. In +this case, the supplied Request and Response files are not +relevant and may be ignored. http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA005Policy.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA005Policy.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA005Policy.xml new file mode 100755 index 0000000..5081f40 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA005Policy.xml @@ -0,0 +1,46 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA005:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd"> + <Description> + Policy for Conformance Test IIA005. + </Description> + <Target/> + <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA005:rule"> + <Description> + Julius Hibbert can read or write Bart Simpson's medical + record. The associated Request for this test omits the + required AttributeId for the Action attribute, however. + </Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#anyURI"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>write</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> +</Policy> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA005Request.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA005Request.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA005Request.xml new file mode 100755 index 0000000..17bc698 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA005Request.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="utf-8" standalone="no"?> +<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; CombinedDecision="false" ReturnPolicyIdList="false" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd";> + <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> + <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="false"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> + <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="false"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"> + <!-- AttributeId of action is INTENTIONALLY omitted --> + <Attribute IncludeInResult="false"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment"/> +</Request> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA005Response.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA005Response.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA005Response.xml new file mode 100755 index 0000000..bc4223e --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA005Response.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Response + xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 + http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd";> + <Result> + <Decision>Indeterminate</Decision> + <Status> + <StatusCode + Value="urn:oasis:names:tc:xacml:1.0:status:syntax-error"/> + </Status> + </Result> +</Response> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA006Policy.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA006Policy.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA006Policy.xml new file mode 100755 index 0000000..28d4e76 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA006Policy.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA006:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd"> + <Description> + Policy for Conformance Test IIA006. + </Description> + <Target/> + <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA006:rule"> + <Description> + Julius Hibbert can read or write Bart Simpson's medical record. + </Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true" SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>riddle me this</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:some-attribute" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true" SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"/> + </Match> + </AllOf> + </AnyOf> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#anyURI"; MustBePresent="true"/> + </Match> + </AllOf> + </AnyOf> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true"/> + </Match> + </AllOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>write</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> +</Policy> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA006Request.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA006Request.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA006Request.xml new file mode 100755 index 0000000..0023d90 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA006Request.xml @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="utf-8"?> +<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd"; ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> + <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + </Attribute> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:some-attribute"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>riddle me this</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" /> +</Request> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA006Response.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA006Response.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA006Response.xml new file mode 100755 index 0000000..6d9d852 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA006Response.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Response + xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 + http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd";> + <Result> + <Decision>Permit</Decision> + <Status> + <StatusCode + Value="urn:oasis:names:tc:xacml:1.0:status:ok"/> + </Status> + </Result> +</Response> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA007Policy.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA007Policy.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA007Policy.xml new file mode 100755 index 0000000..f3ff447 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA007Policy.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA007:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd"> + <Description> + Policy for Conformance Test IIA007. + </Description> + <Target/> + <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA007:rule"> + <Description> + Julius Hibbert can read or write Bart Simpson's medical record. + </Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>riddle me this</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:some-attribute" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true"/> + </Match> + </AllOf> + </AnyOf> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#anyURI"; MustBePresent="true"/> + </Match> + </AllOf> + </AnyOf> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true"/> + </Match> + </AllOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>write</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true"/> + </Match> + </AllOf> + </AnyOf> + </Target> + </Rule> +</Policy> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA007Request.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA007Request.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA007Request.xml new file mode 100755 index 0000000..a1aa16f --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA007Request.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="utf-8"?> +<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd"; ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> + <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" /> +</Request> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA007Response.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA007Response.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA007Response.xml new file mode 100755 index 0000000..409685a --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA007Response.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Response + xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 + http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd";> + <Result> + <Decision>Indeterminate</Decision> + <Status> + <StatusCode + Value="urn:oasis:names:tc:xacml:1.0:status:missing-attribute"/> + </Status> + </Result> +</Response> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA008Policy.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA008Policy.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA008Policy.xml new file mode 100755 index 0000000..1db5c08 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA008Policy.xml @@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA008:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd"> + <Description> + Policy for Conformance Test IIA008. + </Description> + <Target/> + <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA008:rule"> + <Description> + Julius Hibbert can read or write Bart Simpson's medical record. + </Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true"/> + </Match> + </AllOf> + </AnyOf> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#anyURI"; MustBePresent="true"/> + </Match> + </AllOf> + </AnyOf> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true"/> + </Match> + </AllOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>write</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true"/> + </Match> + </AllOf> + </AnyOf> + </Target> + + <Condition> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>riddle me this</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:some-attribute" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true"/> + </Apply> + </Condition> + </Rule> +</Policy> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA008Request.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA008Request.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA008Request.xml new file mode 100755 index 0000000..0023d90 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA008Request.xml @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="utf-8"?> +<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd"; ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> + <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + </Attribute> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:some-attribute"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>riddle me this</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" /> +</Request> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA008Response.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA008Response.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA008Response.xml new file mode 100755 index 0000000..6d9d852 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA008Response.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Response + xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 + http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd";> + <Result> + <Decision>Permit</Decision> + <Status> + <StatusCode + Value="urn:oasis:names:tc:xacml:1.0:status:ok"/> + </Status> + </Result> +</Response> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA009Policy.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA009Policy.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA009Policy.xml new file mode 100755 index 0000000..b21bd35 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA009Policy.xml @@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA009:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd"> + <Description> + Policy for Conformance Test IIA009. + </Description> + <Target/> + <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA009:rule"> + <Description> + Julius Hibbert can read or write Bart Simpson's medical record. + </Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true"/> + </Match> + </AllOf> + </AnyOf> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#anyURI"; MustBePresent="true"/> + </Match> + </AllOf> + </AnyOf> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true"/> + </Match> + </AllOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>write</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Condition> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>riddle me this</AttributeValue> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:some-attribute" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true"/> + + </Apply> + </Condition> + </Rule> +</Policy> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA009Request.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA009Request.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA009Request.xml new file mode 100755 index 0000000..a1aa16f --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA009Request.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="utf-8"?> +<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd"; ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> + <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" /> +</Request> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA009Response.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA009Response.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA009Response.xml new file mode 100755 index 0000000..409685a --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA009Response.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Response + xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 + http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd";> + <Result> + <Decision>Indeterminate</Decision> + <Status> + <StatusCode + Value="urn:oasis:names:tc:xacml:1.0:status:missing-attribute"/> + </Status> + </Result> +</Response> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA010Policy.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA010Policy.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA010Policy.xml new file mode 100755 index 0000000..2a83767 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA010Policy.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd"> + <Description> + Policy for Conformance Test IIA010. + </Description> + <Target/> + <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:rule"> + <Description> + Anyone who is 45 integer years old may perform any + action on any resource. + </Description> + <Condition> +<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer"; MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer";>45</AttributeValue> +</Apply> + </Condition> + </Rule> +</Policy> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA010Request.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA010Request.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA010Request.xml new file mode 100755 index 0000000..f128475 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA010Request.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="utf-8"?> +<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd"; ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> + <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + </Attribute> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer";>45</AttributeValue> + </Attribute> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#double";>45.3</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" /> +</Request> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA010Response.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA010Response.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA010Response.xml new file mode 100755 index 0000000..6d9d852 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA010Response.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Response + xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 + http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd";> + <Result> + <Decision>Permit</Decision> + <Status> + <StatusCode + Value="urn:oasis:names:tc:xacml:1.0:status:ok"/> + </Status> + </Result> +</Response> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA011Policy.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA011Policy.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA011Policy.xml new file mode 100755 index 0000000..452edd5 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA011Policy.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd"> + <Description> + Policy for Conformance Test IIA011. + </Description> + <Target/> + <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:rule"> + <Description> + Anyone who is 45 integer years old may perform any + action on any resource. + </Description> + <Condition> +<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer"; MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer";>45</AttributeValue> +</Apply> + </Condition> + </Rule> +</Policy> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA011Request.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA011Request.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA011Request.xml new file mode 100755 index 0000000..3e98cdf --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA011Request.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="utf-8"?> +<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd"; ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> + <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + </Attribute> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer";>45</AttributeValue> + </Attribute> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer";>46</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" /> +</Request> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA011Response.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA011Response.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA011Response.xml new file mode 100755 index 0000000..a6b4661 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA011Response.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Response + xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 + http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd";> + <Result> + <Decision>Indeterminate</Decision> + <Status> + <StatusCode + Value="urn:oasis:names:tc:xacml:1.0:status:processing-error"/> + </Status> + </Result> +</Response> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA012Policy.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA012Policy.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA012Policy.xml new file mode 100755 index 0000000..fa384aa --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA012Policy.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd"> + <Description> + Policy for Conformance Test IIA012. + </Description> + <Target/> + <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:rule"> + <Description> + Anyone who is 45 integer years old may perform any + action on any resource. + </Description> + <Condition> +<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer"; MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer";>45</AttributeValue> +</Apply> + </Condition> + </Rule> +</Policy> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA012Request.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA012Request.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA012Request.xml new file mode 100755 index 0000000..77d805d --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA012Request.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="utf-8"?> +<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd"; ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> + <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>Julius Hibbert</AttributeValue> + </Attribute> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer";>45</AttributeValue> + </Attribute> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#double";>45.3</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI";>http://medico.com/record/patient/BartSimpson</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"> + <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue> + </Attribute> + </Attributes> + <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" /> +</Request> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA012Response.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA012Response.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA012Response.xml new file mode 100755 index 0000000..6d9d852 --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA012Response.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Response + xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 + http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd";> + <Result> + <Decision>Permit</Decision> + <Status> + <StatusCode + Value="urn:oasis:names:tc:xacml:1.0:status:ok"/> + </Status> + </Result> +</Response> http://git-wip-us.apache.org/repos/asf/incubator-openaz/blob/94fcdd90/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA013Policy.xml ---------------------------------------------------------------------- diff --git a/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA013Policy.xml b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA013Policy.xml new file mode 100755 index 0000000..cd3c37d --- /dev/null +++ b/openaz-xacml-test/testsets/conformance/xacml3.0-ct-v.0.4/IIA013Policy.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd"> + <Description> + Policy for Conformance Test IIA013. + </Description> + <Target/> + <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIA1:rule"> + <Description> + Anyone who is 45 integer years old may perform any + action on any resource. + </Description> + <Condition> +<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-equal"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#integer"; MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer";>45</AttributeValue> +</Apply> + </Condition> + </Rule> +</Policy>
