What builder properties did you use to generate the class files from the
XML schema ?
Werner
PS Please no attachments of this size to the mailing lists, if possible.
That's why we have Jira, once we agree that there's an issue and that I
shall have a closer look.
Sami Ahmed Shaik wrote:
> Hi,
>
> I am trying to develop an application which is going to be XACML 2.0
> compliant. So I planned to use castor 1.1.1 since it has substitution
> group support in it which is required by XACML 2.0. I am using the xsd
> files (attached to this mail) to generate the source code. I am not
> using any binding files. I am using the commandline option -package
> com.ca.eiam.xacml.castor.context for context xsd and -package
> com.ca.eiam.xacml.castor.policy for policy xsd. Source code gets
> generated fine but then when i try to compile it, it fails. I had to
> manually add import statements in a couple of files to make it
> compile.
>
> Then when i try to validate the IIE001 PolicySetId1.xml file
> (attached) containing the PolicySet it throws an exception
>
> exception: java.lang.Exception: unable to find FieldDescriptor for
> 'Apply' in ClassDescriptor of Condition{File: [not available]; line:
> 28; column: 105}
>
> I am very new to using castor, Am i missing some thing here? Do i have
> to use a binding file to resolve this?
>
> Any help is highly appreciated.
>
> Regards,
> Sami.
>
>
> ------------------------------------------------------------------------
>
> <?xml version="1.0" encoding="UTF-8"?>
> <xs:schema targetNamespace="urn:oasis:names:tc:xacml:2.0:context:schema:os"
> xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
> xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
> xmlns:xs="http://www.w3.org/2001/XMLSchema"; elementFormDefault="qualified"
> attributeFormDefault="unqualified">
> <xs:import namespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
> schemaLocation="http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"/>
> <!-- -->
> <xs:element name="Request" type="xacml-context:RequestType"/>
> <xs:complexType name="RequestType">
> <xs:sequence>
> <xs:element ref="xacml-context:Subject"
> maxOccurs="unbounded"/>
> <xs:element ref="xacml-context:Resource"
> maxOccurs="unbounded"/>
> <xs:element ref="xacml-context:Action"/>
> <xs:element ref="xacml-context:Environment"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="Response" type="xacml-context:ResponseType"/>
> <xs:complexType name="ResponseType">
> <xs:sequence>
> <xs:element ref="xacml-context:Result"
> maxOccurs="unbounded"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="Subject" type="xacml-context:SubjectType"/>
> <xs:complexType name="SubjectType">
> <xs:sequence>
> <xs:element ref="xacml-context:Attribute" minOccurs="0"
> maxOccurs="unbounded"/>
> </xs:sequence>
> <xs:attribute name="SubjectCategory" type="xs:anyURI"
> default="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"/>
> </xs:complexType>
> <!-- -->
> <xs:element name="Resource" type="xacml-context:ResourceType"/>
> <xs:complexType name="ResourceType">
> <xs:sequence>
> <xs:element ref="xacml-context:ResourceContent"
> minOccurs="0"/>
> <xs:element ref="xacml-context:Attribute" minOccurs="0"
> maxOccurs="unbounded"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="ResourceContent"
> type="xacml-context:ResourceContentType"/>
> <xs:complexType name="ResourceContentType" mixed="true">
> <xs:sequence>
> <xs:any namespace="##any" processContents="lax"
> minOccurs="0" maxOccurs="unbounded"/>
> </xs:sequence>
> <xs:anyAttribute namespace="##any" processContents="lax"/>
> </xs:complexType>
> <!-- -->
> <xs:element name="Action" type="xacml-context:ActionType"/>
> <xs:complexType name="ActionType">
> <xs:sequence>
> <xs:element ref="xacml-context:Attribute" minOccurs="0"
> maxOccurs="unbounded"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="Environment" type="xacml-context:EnvironmentType"/>
> <xs:complexType name="EnvironmentType">
> <xs:sequence>
> <xs:element ref="xacml-context:Attribute" minOccurs="0"
> maxOccurs="unbounded"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="Attribute" type="xacml-context:AttributeType"/>
> <xs:complexType name="AttributeType">
> <xs:sequence>
> <xs:element ref="xacml-context:AttributeValue"
> maxOccurs="unbounded"/>
> </xs:sequence>
> <xs:attribute name="AttributeId" type="xs:anyURI"
> use="required"/>
> <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
> <xs:attribute name="Issuer" type="xs:string" use="optional"/>
> </xs:complexType>
> <!-- -->
> <xs:element name="AttributeValue"
> type="xacml-context:AttributeValueType"/>
> <xs:complexType name="AttributeValueType" mixed="true">
> <xs:sequence>
> <xs:any namespace="##any" processContents="lax"
> minOccurs="0" maxOccurs="unbounded"/>
> </xs:sequence>
> <xs:anyAttribute namespace="##any" processContents="lax"/>
> </xs:complexType>
> <!-- -->
> <xs:element name="Result" type="xacml-context:ResultType"/>
> <xs:complexType name="ResultType">
> <xs:sequence>
> <xs:element ref="xacml-context:Decision"/>
> <xs:element ref="xacml-context:Status" minOccurs="0"/>
> <xs:element ref="xacml:Obligations" minOccurs="0"/>
> </xs:sequence>
> <xs:attribute name="ResourceId" type="xs:string"
> use="optional"/>
> </xs:complexType>
> <!-- -->
> <xs:element name="Decision" type="xacml-context:DecisionType"/>
> <xs:simpleType name="DecisionType">
> <xs:restriction base="xs:string">
> <xs:enumeration value="Permit"/>
> <xs:enumeration value="Deny"/>
> <xs:enumeration value="Indeterminate"/>
> <xs:enumeration value="NotApplicable"/>
> </xs:restriction>
> </xs:simpleType>
> <!-- -->
> <xs:element name="Status" type="xacml-context:StatusType"/>
> <xs:complexType name="StatusType">
> <xs:sequence>
> <xs:element ref="xacml-context:StatusCode"/>
> <xs:element ref="xacml-context:StatusMessage"
> minOccurs="0"/>
> <xs:element ref="xacml-context:StatusDetail"
> minOccurs="0"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="StatusCode" type="xacml-context:StatusCodeType"/>
> <xs:complexType name="StatusCodeType">
> <xs:sequence>
> <xs:element ref="xacml-context:StatusCode"
> minOccurs="0"/>
> </xs:sequence>
> <xs:attribute name="Value" type="xs:anyURI" use="required"/>
> </xs:complexType>
> <!-- -->
> <xs:element name="StatusMessage" type="xs:string"/>
> <!-- -->
> <xs:element name="StatusDetail" type="xacml-context:StatusDetailType"/>
> <xs:complexType name="StatusDetailType">
> <xs:sequence>
> <xs:any namespace="##any" processContents="lax"
> minOccurs="0" maxOccurs="unbounded"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="MissingAttributeDetail"
> type="xacml-context:MissingAttributeDetailType"/>
> <xs:complexType name="MissingAttributeDetailType">
> <xs:sequence>
> <xs:element ref="xacml-context:AttributeValue"
> minOccurs="0" maxOccurs="unbounded"/>
> </xs:sequence>
> <xs:attribute name="AttributeId" type="xs:anyURI"
> use="required"/>
> <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
> <xs:attribute name="Issuer" type="xs:string" use="optional"/>
> </xs:complexType>
> <!-- -->
> </xs:schema>
>
>
> ------------------------------------------------------------------------
>
> <?xml version="1.0" encoding="UTF-8"?>
> <xs:schema xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
> xmlns:xs="http://www.w3.org/2001/XMLSchema";
> targetNamespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
> elementFormDefault="qualified" attributeFormDefault="unqualified">
> <!-- -->
> <xs:element name="PolicySet" type="xacml:PolicySetType"/>
> <xs:complexType name="PolicySetType">
> <xs:sequence>
> <xs:element ref="xacml:Description" minOccurs="0"/>
> <xs:element ref="xacml:PolicySetDefaults"
> minOccurs="0"/>
> <xs:element ref="xacml:Target"/>
> <xs:choice minOccurs="0" maxOccurs="unbounded">
> <xs:element ref="xacml:PolicySet"/>
> <xs:element ref="xacml:Policy"/>
> <xs:element ref="xacml:PolicySetIdReference"/>
> <xs:element ref="xacml:PolicyIdReference"/>
> <xs:element ref="xacml:CombinerParameters"/>
> <xs:element
> ref="xacml:PolicyCombinerParameters"/>
> <xs:element
> ref="xacml:PolicySetCombinerParameters"/>
> </xs:choice>
> <xs:element ref="xacml:Obligations" minOccurs="0"/>
> </xs:sequence>
> <xs:attribute name="PolicySetId" type="xs:anyURI"
> use="required"/>
> <xs:attribute name="Version" type="xacml:VersionType"
> default="1.0"/>
> <xs:attribute name="PolicyCombiningAlgId" type="xs:anyURI"
> use="required"/>
> </xs:complexType>
> <!-- -->
> <xs:element name="CombinerParameters"
> type="xacml:CombinerParametersType"/>
> <xs:complexType name="CombinerParametersType">
> <xs:sequence>
> <xs:element ref="xacml:CombinerParameter" minOccurs="0"
> maxOccurs="unbounded"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="CombinerParameter"
> type="xacml:CombinerParameterType"/>
> <xs:complexType name="CombinerParameterType">
> <xs:sequence>
> <xs:element ref="xacml:AttributeValue"/>
> </xs:sequence>
> <xs:attribute name="ParameterName" type="xs:string"
> use="required"/>
> </xs:complexType>
> <!-- -->
> <xs:element name="RuleCombinerParameters"
> type="xacml:RuleCombinerParametersType"/>
> <xs:complexType name="RuleCombinerParametersType">
> <xs:complexContent>
> <xs:extension base="xacml:CombinerParametersType">
> <xs:attribute name="RuleIdRef" type="xs:string"
> use="required"/>
> </xs:extension>
> </xs:complexContent>
> </xs:complexType>
> <!-- -->
> <xs:element name="PolicyCombinerParameters"
> type="xacml:PolicyCombinerParametersType"/>
> <xs:complexType name="PolicyCombinerParametersType">
> <xs:complexContent>
> <xs:extension base="xacml:CombinerParametersType">
> <xs:attribute name="PolicyIdRef"
> type="xs:anyURI" use="required"/>
> </xs:extension>
> </xs:complexContent>
> </xs:complexType>
> <!-- -->
> <xs:element name="PolicySetCombinerParameters"
> type="xacml:PolicySetCombinerParametersType"/>
> <xs:complexType name="PolicySetCombinerParametersType">
> <xs:complexContent>
> <xs:extension base="xacml:CombinerParametersType">
> <xs:attribute name="PolicySetIdRef"
> type="xs:anyURI" use="required"/>
> </xs:extension>
> </xs:complexContent>
> </xs:complexType>
> <!-- -->
> <xs:element name="PolicySetIdReference" type="xacml:IdReferenceType"/>
> <xs:element name="PolicyIdReference" type="xacml:IdReferenceType"/>
> <!-- -->
> <xs:element name="PolicySetDefaults" type="xacml:DefaultsType"/>
> <xs:element name="PolicyDefaults" type="xacml:DefaultsType"/>
> <xs:complexType name="DefaultsType">
> <xs:sequence>
> <xs:choice>
> <xs:element ref="xacml:XPathVersion"/>
> </xs:choice>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="XPathVersion" type="xs:anyURI"/>
> <!-- -->
> <xs:complexType name="IdReferenceType">
> <xs:simpleContent>
> <xs:extension base="xs:anyURI">
> <xs:attribute name="Version"
> type="xacml:VersionMatchType" use="optional"/>
> <xs:attribute name="EarliestVersion"
> type="xacml:VersionMatchType" use="optional"/>
> <xs:attribute name="LatestVersion"
> type="xacml:VersionMatchType" use="optional"/>
> </xs:extension>
> </xs:simpleContent>
> </xs:complexType>
> <!-- -->
> <xs:simpleType name="VersionType">
> <xs:restriction base="xs:string">
> <xs:pattern value="(\d+\.)*\d+"/>
> </xs:restriction>
> </xs:simpleType>
> <!-- -->
> <xs:simpleType name="VersionMatchType">
> <xs:restriction base="xs:string">
> <xs:pattern value="((\d+|\*)\.)*(\d+|\*|\+)"/>
> </xs:restriction>
> </xs:simpleType>
> <!-- -->
> <xs:element name="Policy" type="xacml:PolicyType"/>
> <xs:complexType name="PolicyType">
> <xs:sequence>
> <xs:element ref="xacml:Description" minOccurs="0"/>
> <xs:element ref="xacml:PolicyDefaults" minOccurs="0"/>
> <xs:element ref="xacml:CombinerParameters"
> minOccurs="0"/>
> <xs:element ref="xacml:Target"/>
> <xs:choice maxOccurs="unbounded">
> <xs:element ref="xacml:CombinerParameters"
> minOccurs="0"/>
> <xs:element ref="xacml:RuleCombinerParameters"
> minOccurs="0"/>
> <xs:element ref="xacml:VariableDefinition"/>
> <xs:element ref="xacml:Rule"/>
> </xs:choice>
> <xs:element ref="xacml:Obligations" minOccurs="0"/>
> </xs:sequence>
> <xs:attribute name="PolicyId" type="xs:anyURI" use="required"/>
> <xs:attribute name="Version" type="xacml:VersionType"
> default="1.0"/>
> <xs:attribute name="RuleCombiningAlgId" type="xs:anyURI"
> use="required"/>
> </xs:complexType>
> <!-- -->
> <xs:element name="Description" type="xs:string"/>
> <!-- -->
> <xs:element name="Rule" type="xacml:RuleType"/>
> <xs:complexType name="RuleType">
> <xs:sequence>
> <xs:element ref="xacml:Description" minOccurs="0"/>
> <xs:element ref="xacml:Target" minOccurs="0"/>
> <xs:element ref="xacml:Condition" minOccurs="0"/>
> </xs:sequence>
> <xs:attribute name="RuleId" type="xs:string" use="required"/>
> <xs:attribute name="Effect" type="xacml:EffectType"
> use="required"/>
> </xs:complexType>
> <!-- -->
> <xs:simpleType name="EffectType">
> <xs:restriction base="xs:string">
> <xs:enumeration value="Permit"/>
> <xs:enumeration value="Deny"/>
> </xs:restriction>
> </xs:simpleType>
> <!-- -->
> <xs:element name="Target" type="xacml:TargetType"/>
> <xs:complexType name="TargetType">
> <xs:sequence>
> <xs:element ref="xacml:Subjects" minOccurs="0"/>
> <xs:element ref="xacml:Resources" minOccurs="0"/>
> <xs:element ref="xacml:Actions" minOccurs="0"/>
> <xs:element ref="xacml:Environments" minOccurs="0"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="Subjects" type="xacml:SubjectsType"/>
> <xs:complexType name="SubjectsType">
> <xs:sequence>
> <xs:element ref="xacml:Subject" maxOccurs="unbounded"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="Subject" type="xacml:SubjectType"/>
> <xs:complexType name="SubjectType">
> <xs:sequence>
> <xs:element ref="xacml:SubjectMatch"
> maxOccurs="unbounded"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="Resources" type="xacml:ResourcesType"/>
> <xs:complexType name="ResourcesType">
> <xs:sequence>
> <xs:element ref="xacml:Resource" maxOccurs="unbounded"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="Resource" type="xacml:ResourceType"/>
> <xs:complexType name="ResourceType">
> <xs:sequence>
> <xs:element ref="xacml:ResourceMatch"
> maxOccurs="unbounded"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="Actions" type="xacml:ActionsType"/>
> <xs:complexType name="ActionsType">
> <xs:sequence>
> <xs:element ref="xacml:Action" maxOccurs="unbounded"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="Action" type="xacml:ActionType"/>
> <xs:complexType name="ActionType">
> <xs:sequence>
> <xs:element ref="xacml:ActionMatch"
> maxOccurs="unbounded"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="Environments" type="xacml:EnvironmentsType"/>
> <xs:complexType name="EnvironmentsType">
> <xs:sequence>
> <xs:element ref="xacml:Environment"
> maxOccurs="unbounded"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="Environment" type="xacml:EnvironmentType"/>
> <xs:complexType name="EnvironmentType">
> <xs:sequence>
> <xs:element ref="xacml:EnvironmentMatch"
> maxOccurs="unbounded"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="SubjectMatch" type="xacml:SubjectMatchType"/>
> <xs:complexType name="SubjectMatchType">
> <xs:sequence>
> <xs:element ref="xacml:AttributeValue"/>
> <xs:choice>
> <xs:element
> ref="xacml:SubjectAttributeDesignator"/>
> <xs:element ref="xacml:AttributeSelector"/>
> </xs:choice>
> </xs:sequence>
> <xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
> </xs:complexType>
> <!-- -->
> <xs:element name="ResourceMatch" type="xacml:ResourceMatchType"/>
> <xs:complexType name="ResourceMatchType">
> <xs:sequence>
> <xs:element ref="xacml:AttributeValue"/>
> <xs:choice>
> <xs:element
> ref="xacml:ResourceAttributeDesignator"/>
> <xs:element ref="xacml:AttributeSelector"/>
> </xs:choice>
> </xs:sequence>
> <xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
> </xs:complexType>
> <!-- -->
> <xs:element name="ActionMatch" type="xacml:ActionMatchType"/>
> <xs:complexType name="ActionMatchType">
> <xs:sequence>
> <xs:element ref="xacml:AttributeValue"/>
> <xs:choice>
> <xs:element
> ref="xacml:ActionAttributeDesignator"/>
> <xs:element ref="xacml:AttributeSelector"/>
> </xs:choice>
> </xs:sequence>
> <xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
> </xs:complexType>
> <!-- -->
> <xs:element name="EnvironmentMatch" type="xacml:EnvironmentMatchType"/>
> <xs:complexType name="EnvironmentMatchType">
> <xs:sequence>
> <xs:element ref="xacml:AttributeValue"/>
> <xs:choice>
> <xs:element
> ref="xacml:EnvironmentAttributeDesignator"/>
> <xs:element ref="xacml:AttributeSelector"/>
> </xs:choice>
> </xs:sequence>
> <xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
> </xs:complexType>
> <!-- -->
> <xs:element name="VariableDefinition"
> type="xacml:VariableDefinitionType"/>
> <xs:complexType name="VariableDefinitionType">
> <xs:sequence>
> <xs:element ref="xacml:Expression"/>
> </xs:sequence>
> <xs:attribute name="VariableId" type="xs:string"
> use="required"/>
> </xs:complexType>
> <!-- -->
> <xs:element name="Expression" type="xacml:ExpressionType"
> abstract="true"/>
> <xs:complexType name="ExpressionType" abstract="true"/>
> <!-- -->
> <xs:element name="VariableReference" type="xacml:VariableReferenceType"
> substitutionGroup="xacml:Expression"/>
> <xs:complexType name="VariableReferenceType">
> <xs:complexContent>
> <xs:extension base="xacml:ExpressionType">
> <xs:attribute name="VariableId"
> type="xs:string" use="required"/>
> </xs:extension>
> </xs:complexContent>
> </xs:complexType>
> <!-- -->
> <xs:element name="AttributeSelector" type="xacml:AttributeSelectorType"
> substitutionGroup="xacml:Expression"/>
> <xs:complexType name="AttributeSelectorType">
> <xs:complexContent>
> <xs:extension base="xacml:ExpressionType">
> <xs:attribute name="RequestContextPath"
> type="xs:string" use="required"/>
> <xs:attribute name="DataType" type="xs:anyURI"
> use="required"/>
> <xs:attribute name="MustBePresent"
> type="xs:boolean" use="optional" default="false"/>
> </xs:extension>
> </xs:complexContent>
> </xs:complexType>
> <!-- -->
> <xs:element name="ResourceAttributeDesignator"
> type="xacml:AttributeDesignatorType" substitutionGroup="xacml:Expression"/>
> <xs:element name="ActionAttributeDesignator"
> type="xacml:AttributeDesignatorType" substitutionGroup="xacml:Expression"/>
> <xs:element name="EnvironmentAttributeDesignator"
> type="xacml:AttributeDesignatorType" substitutionGroup="xacml:Expression"/>
> <!-- -->
> <xs:complexType name="AttributeDesignatorType">
> <xs:complexContent>
> <xs:extension base="xacml:ExpressionType">
> <xs:attribute name="AttributeId"
> type="xs:anyURI" use="required"/>
> <xs:attribute name="DataType" type="xs:anyURI"
> use="required"/>
> <xs:attribute name="Issuer" type="xs:string"
> use="optional"/>
> <xs:attribute name="MustBePresent"
> type="xs:boolean" use="optional" default="false"/>
> </xs:extension>
> </xs:complexContent>
> </xs:complexType>
> <!-- -->
> <xs:element name="SubjectAttributeDesignator"
> type="xacml:SubjectAttributeDesignatorType"
> substitutionGroup="xacml:Expression"/>
> <xs:complexType name="SubjectAttributeDesignatorType">
> <xs:complexContent>
> <xs:extension base="xacml:AttributeDesignatorType">
> <xs:attribute name="SubjectCategory"
> type="xs:anyURI" use="optional"
> default="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"/>
> </xs:extension>
> </xs:complexContent>
> </xs:complexType>
> <!-- -->
> <xs:element name="AttributeValue" type="xacml:AttributeValueType"
> substitutionGroup="xacml:Expression"/>
> <xs:complexType name="AttributeValueType" mixed="true">
> <xs:complexContent mixed="true">
> <xs:extension base="xacml:ExpressionType">
> <xs:sequence>
> <xs:any namespace="##any"
> processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
> </xs:sequence>
> <xs:attribute name="DataType" type="xs:anyURI"
> use="required"/>
> <xs:anyAttribute namespace="##any"
> processContents="lax"/>
> </xs:extension>
> </xs:complexContent>
> </xs:complexType>
> <!-- -->
> <xs:element name="Function" type="xacml:FunctionType"
> substitutionGroup="xacml:Expression"/>
> <xs:complexType name="FunctionType">
> <xs:complexContent>
> <xs:extension base="xacml:ExpressionType">
> <xs:attribute name="FunctionId"
> type="xs:anyURI" use="required"/>
> </xs:extension>
> </xs:complexContent>
> </xs:complexType>
> <!-- -->
> <xs:element name="Condition" type="xacml:ConditionType"/>
> <xs:complexType name="ConditionType">
> <xs:sequence>
> <xs:element ref="xacml:Expression"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="Apply" type="xacml:ApplyType"
> substitutionGroup="xacml:Expression"/>
> <xs:complexType name="ApplyType">
> <xs:complexContent>
> <xs:extension base="xacml:ExpressionType">
> <xs:sequence>
> <xs:element ref="xacml:Expression"
> minOccurs="0" maxOccurs="unbounded"/>
> </xs:sequence>
> <xs:attribute name="FunctionId"
> type="xs:anyURI" use="required"/>
> </xs:extension>
> </xs:complexContent>
> </xs:complexType>
> <!-- -->
> <xs:element name="Obligations" type="xacml:ObligationsType"/>
> <xs:complexType name="ObligationsType">
> <xs:sequence>
> <xs:element ref="xacml:Obligation"
> maxOccurs="unbounded"/>
> </xs:sequence>
> </xs:complexType>
> <!-- -->
> <xs:element name="Obligation" type="xacml:ObligationType"/>
> <xs:complexType name="ObligationType">
> <xs:sequence>
> <xs:element ref="xacml:AttributeAssignment"
> minOccurs="0" maxOccurs="unbounded"/>
> </xs:sequence>
> <xs:attribute name="ObligationId" type="xs:anyURI"
> use="required"/>
> <xs:attribute name="FulfillOn" type="xacml:EffectType"
> use="required"/>
> </xs:complexType>
> <!-- -->
> <xs:element name="AttributeAssignment"
> type="xacml:AttributeAssignmentType"/>
> <xs:complexType name="AttributeAssignmentType" mixed="true">
> <xs:complexContent mixed="true">
> <xs:extension base="xacml:AttributeValueType">
> <xs:attribute name="AttributeId"
> type="xs:anyURI" use="required"/>
> </xs:extension>
> </xs:complexContent>
> </xs:complexType>
> <!-- -->
> </xs:schema>
>
>
> ------------------------------------------------------------------------
>
> <?xml version="1.0" encoding="UTF-8"?>
> <PolicySet
> xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
> access_control-xacml-2.0-policy-schema-os.xsd"
>
> PolicySetId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIE001:policyset1"
>
> PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:deny-overrides">
> <Description>
> PolicySet1 for Conformance Test IIE001.
> </Description>
> <Target/>
> <Policy
>
> PolicyId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIE001:policy2"
>
> RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
> <Description>
> Policy2 for Conformance Test IIE001.
> </Description>
> <Target/>
> <Rule
>
> RuleId="urn:oasis:names:tc:xacml:2.0:conformance-test:IIE001:rule2"
> Effect="Permit">
> <Description>
> A subject who is at least 5 years older than Bart
> Simpson may read Bart Simpson's medical record. PERMIT.
> </Description>
> <Condition>
> <Apply
> FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
> <Apply
>
> FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
> <Apply
> FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
> <SubjectAttributeDesignator
>
> AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:age"
>
> DataType="http://www.w3.org/2001/XMLSchema#integer"/>
> </Apply>
> <Apply
> FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
> <EnvironmentAttributeDesignator
>
> AttributeId="urn:oasis:names:tc:xacml:2.0:conformance-test:bart-simpson-age"
>
> DataType="http://www.w3.org/2001/XMLSchema#integer"/>
> </Apply>
> </Apply>
> <AttributeValue
>
> DataType="http://www.w3.org/2001/XMLSchema#integer";>5</AttributeValue>
> </Apply>
> </Condition>
> </Rule>
> </Policy>
> </PolicySet>
>
>
> ------------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> To unsubscribe from this list please visit:
>
> http://xircles.codehaus.org/manage_email
---------------------------------------------------------------------
To unsubscribe from this list please visit:
http://xircles.codehaus.org/manage_email
