xacml:Policy

Element information

Namespace: urn:oasis:names:tc:xacml:2.0:policy:schema:os

Schema document: access_control-xacml-2.0-policy-schema-os.xsd

Properties: Global, Qualified

Content

Sequence [1..1]
1. xacml:Description [0..1]
2. xacml:PolicyDefaults [0..1]
3. xacml:CombinerParameters [0..1]
4. xacml:Target [1..1]
5. Choice [1..*]
  - xacml:CombinerParameters [0..1]
  - xacml:RuleCombinerParameters [0..1]
  - xacml:VariableDefinition
  - xacml:Rule
6. xacml:Obligations [0..1]

Attributes

Name	Occ	Type	Notes
PolicyId	[1..1]	xsd:anyURI
Version	[0..1]	xacml:VersionType	Default value is "1.0".
RuleCombiningAlgId	[1..1]	xsd:anyURI

Used in

Type xacml:PolicySetType (Element xacml:PolicySet)

Sample instance

<Policy        xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd"
        PolicyId="urn:oasis:names:tc:example:SimplePolicy1"
        RuleCombiningAlgId="identifier:rule-combining-algorithm:deny-overrides">
   <Description>
  Med Example Corp access control policy
 </Description>
   <Target/>
   <Rule RuleId="urn:oasis:names:tc:xacml:2.0:example:SimpleRule1" Effect="Permit">
      <Description>
   Any subject with an e-mail name in the med.example.com domain
   can perform any action on any resource.
  		</Description>
      <Target>
         <Subjects>
            <Subject>
               <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:rfc822Name-match">
                  <AttributeValue DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
       med.example.com
      						</AttributeValue>
                  <SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
                                              DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"/>
               </SubjectMatch>
            </Subject>
         </Subjects>
      </Target>
   </Rule>
</Policy>