-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfabricNo.AnyActorNoPolicy.xml
1 lines (1 loc) · 16.2 KB
/
fabricNo.AnyActorNoPolicy.xml
1
<?xml version="1.0" encoding="UTF-8"?><!--This file was generated by the ALFA Plugin for Eclipse from Axiomatics AB (http://www.axiomatics.com).--><!--Any modification to this file will be lost upon recompilation of the source ALFA file--><xacml3:PolicySet PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-unless-permit" PolicySetId="urn:fabric:authz:xacml:actor:no:ps" Version="1.0" xmlns:xacml3="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"><xacml3:Description/><xacml3:PolicySetDefaults><xacml3:XPathVersion>http://www.w3.org/TR/1999/REC-xpath-19991116</xacml3:XPathVersion></xacml3:PolicySetDefaults><xacml3:Target/><xacml3:PolicySet PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-unless-permit" PolicySetId="urn:fabric:authz:xacml:actor:no:ps:create" Version="1.0"><xacml3:Description/><xacml3:PolicySetDefaults><xacml3:XPathVersion>http://www.w3.org/TR/1999/REC-xpath-19991116</xacml3:XPathVersion></xacml3:PolicySetDefaults><xacml3:Target><xacml3:AnyOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">create</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">modify</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">delete</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">query</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">status</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">redeem</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">POA</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">renew</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">demand</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">update</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">close</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">claim</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">reclaim</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ticket</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">extend</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">relinquish</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf></xacml3:AnyOf></xacml3:Target><xacml3:Policy PolicyId="urn:fabric:authz:xacml:actor:no:p:create" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit" Version="1.0"><xacml3:Description/><xacml3:PolicyDefaults><xacml3:XPathVersion>http://www.w3.org/TR/1999/REC-xpath-19991116</xacml3:XPathVersion></xacml3:PolicyDefaults><xacml3:Target><xacml3:AnyOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">create</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">modify</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">delete</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">query</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">status</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">redeem</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">POA</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">renew</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">demand</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">update</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">close</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">claim</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">reclaim</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ticket</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">extend</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf><xacml3:AllOf><xacml3:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">relinquish</xacml3:AttributeValue><xacml3:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/></xacml3:Match></xacml3:AllOf></xacml3:AnyOf></xacml3:Target><xacml3:Rule Effect="Deny" RuleId="fabricNo.AnyActorNoPolicy.actionPolicySet.actionPolicy#rule_1"><xacml3:Description/><xacml3:Target/></xacml3:Rule></xacml3:Policy></xacml3:PolicySet><xacml3:AdviceExpressions><xacml3:AdviceExpression AdviceId="urn:fabric:authz:xacml:actor:a:no:deny" AppliesTo="Deny"><xacml3:AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:1.0:subject:message" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"><xacml3:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Policy Violation: This policy always says Deny.</xacml3:AttributeValue></xacml3:AttributeAssignmentExpression></xacml3:AdviceExpression></xacml3:AdviceExpressions></xacml3:PolicySet>