xacml:Policy
Element information
Namespace: urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
Schema document: xacml-core-v3-schema-wd-17.xsd
Type: xacml:PolicyType
Properties: Global, Qualified
Content
- Sequence [1..1]
  - xacml:Description [0..1]
  - xacml:PolicyIssuer [0..1]
  - xacml:PolicyDefaults [0..1]
  - xacml:Target [1..1]
  - Choice [1..*]
  - xacml:ObligationExpressions [0..1]
  - xacml:AdviceExpressions [0..1]
Attributes
Name | Occ | Type | Description | Notes |
---|---|---|---|---|
PolicyId | [1..1] | xsd:anyURI | | |
Version | [1..1] | xacml:VersionType | | |
RuleCombiningAlgId | [1..1] | xsd:anyURI | | |
MaxDelegationDepth | [0..1] | xsd:integer | | |
Used in
- Type xacml:PolicySetType (Element xacml:PolicySet)
Sample instance
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd"
        PolicyId="urn:oasis:names:tc:xacml:3.0:example:SimplePolicy1"
        Version="1.0"
        RuleCombiningAlgId="identifier:rule-combining-algorithm:deny-overrides">
  <Description>
    Medi Corp access control policy
  </Description>
  <Target/>
  <Rule RuleId="urn:oasis:names:tc:xacml:3.0:example:SimpleRule1" Effect="Permit">
    <Description>
      Any subject with an e-mail name in the med.example.com domain
      can perform any action on any resource.
    </Description>
    <Target>
      <AnyOf>
        <AllOf>
          <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:rfc822Name-match">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">med.example.com</AttributeValue>
            <AttributeDesignator MustBePresent="false"
                                 Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                                 AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
                                 DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"/>
          </Match>
        </AllOf>
      </AnyOf>
    </Target>
  </Rule>
</Policy>