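<!--
  Policy R3: access rules for subjects whose "role" attribute is "Reviewer"
  performing the "read" action on a review-summary document.

  Identifiers (deny-overrides, string-equal, xpath-node-match, xpath-exp, ...)
  are kept in the shortened form used by the figure. A deployable XACML policy
  would presumably need the full identifiers and the XACML policy namespace,
  which this listing does not declare.

  Rule combining is deny-overrides: if any rule evaluates to Deny, the policy
  result is Deny even when another rule permits the same request. R3-3 relies
  on this to carve author names out of the entries that R3-2 permits.

  NOTE(review): the XPath expressions contain "rs:review summary" with a space,
  which is not a valid XPath step. A separator character (for example an
  underscore) was probably lost when the figure was extracted. The text is left
  as printed; confirm the element name against reviewpaper.xsd.

  NOTE(review): requests that match no rule yield NotApplicable rather than
  Deny. The enforcement point should treat NotApplicable and Indeterminate as
  a refusal so that the policy fails closed.
-->
<Policy xmlns:rs="reviewpaper.xsd" PolicyId="R3"
        RuleCombiningAlgId="deny-overrides">
  <PolicyDefaults>
    <XPathVersion>Rec-xpath-19991116</XPathVersion>
  </PolicyDefaults>

  <!-- Policy target: role equals "Reviewer" AND action-id equals "read".
       Literal values are written without surrounding whitespace so that the
       string comparison is not affected by line breaks in the listing. -->
  <Target>
    <Subjects>
      <Subject>
        <SubjectMatch MatchId="string-equal">
          <AttributeValue DataType="string">Reviewer</AttributeValue>
          <SubjectAttributeDesignator AttributeId="role" DataType="string"/>
        </SubjectMatch>
      </Subject>
    </Subjects>
    <Actions>
      <Action>
        <ActionMatch MatchId="string-equal">
          <AttributeValue DataType="string">read</AttributeValue>
          <ActionAttributeDesignator AttributeId="action-id" DataType="string"/>
        </ActionMatch>
      </Action>
    </Actions>
  </Target>

  <!-- R3-1: Permit when the requested resource-id node equals the
       review-summary node itself (xpath-node-equal, no condition). -->
  <Rule RuleId="R3-1" Effect="Permit">
    <Target>
      <Resources>
        <Resource>
          <ResourceMatch MatchId="xpath-node-equal">
            <AttributeValue DataType="xpath-exp">//rs:review summary</AttributeValue>
            <ResourceAttributeDesignator AttributeId="resource-id" DataType="xpath-exp"/>
          </ResourceMatch>
        </Resource>
      </Resources>
    </Target>
  </Rule>

  <!-- R3-2: Permit access to entry nodes, subject to the condition that the
       reviewer name selected from the request context equals the subject-id. -->
  <Rule RuleId="R3-2" Effect="Permit">
    <Target>
      <Resources>
        <Resource>
          <ResourceMatch MatchId="xpath-node-match">
            <AttributeValue DataType="xpath-exp">//rs:review summary/rs:entry</AttributeValue>
            <ResourceAttributeDesignator AttributeId="resource-id" DataType="xpath-exp"/>
          </ResourceMatch>
        </Resource>
      </Resources>
    </Target>
    <Condition>
      <!-- FunctionId was printed as "string-equel"; corrected to match the
           "string-equal" identifier used by the match elements above. An
           unknown function id would make the condition impossible to evaluate.

           NOTE(review): the selector path is absolute ("//..."), so as written
           it is not tied to the particular entry being requested. It appears to
           select every reviewerName in the document. If the decision point
           compares that set to subject-id with "any match" semantics, a
           reviewer of one entry could satisfy the condition for all entries.
           Confirm how the selector is scoped to the requested entry.

           NOTE(review): "rs:text()" is unusual, since text() is an XPath node
           test and normally takes no namespace prefix; and subject-id is typed
           "xpath-exp" while being compared with a string function. Both are
           left as printed; verify against the original figure. -->
      <Apply FunctionId="string-equal">
        <AttributeSelector DataType="xpath-exp"
                           RequestContextPath="//rs:review summary/rs:entry/rs:review/rs:reviewerName/rs:text()"/>
        <SubjectAttributeDesignator AttributeId="subject-id" DataType="xpath-exp"/>
      </Apply>
    </Condition>
  </Rule>

  <!-- R3-3: Deny access to authorName nodes under an entry. Under
       deny-overrides this wins over the Permit from R3-2, so author identity
       stays hidden from reviewers even inside entries they may otherwise read. -->
  <Rule RuleId="R3-3" Effect="Deny">
    <Target>
      <Resources>
        <Resource>
          <ResourceMatch MatchId="xpath-node-match">
            <AttributeValue DataType="xpath-exp">//rs:review summary/rs:entry/rs:authorName</AttributeValue>
            <ResourceAttributeDesignator AttributeId="resource-id" DataType="xpath-exp"/>
          </ResourceMatch>
        </Resource>
      </Resources>
    </Target>
  </Rule>
</Policy>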
Fig. 5. XACML access control policy corresponding to R3