source: ccr/trunk/nhin-vista/projects/NHINC/Current/Product/Production/Gateway/AuditRepositoryEJB/src/conf/xml-resources/web-services/AuditRepository/schemas/oasis/xacml/access_control-xacml-2.0-policy-schema-os.xsd@ 507

Last change on this file since 507 was 507, checked in by George Lilly, 15 years ago

NHIN gateway and adaptor for use on linux with VistA EHR and RPMS
File size: 15.0 KB
Line 
1<?xml version="1.0" encoding="UTF-8"?>
2<xs:schema xmlns:xacml="urn:oasis:names:tc:xacml:2.0:policy:schema:os" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:oasis:names:tc:xacml:2.0:policy:schema:os" elementFormDefault="qualified" attributeFormDefault="unqualified">
3 <!-- -->
4 <xs:element name="PolicySet" type="xacml:PolicySetType"/>
5 <xs:complexType name="PolicySetType">
6 <xs:sequence>
7 <xs:element ref="xacml:Description" minOccurs="0"/>
8 <xs:element ref="xacml:PolicySetDefaults" minOccurs="0"/>
9 <xs:element ref="xacml:Target"/>
10 <xs:choice minOccurs="0" maxOccurs="unbounded">
11 <xs:element ref="xacml:PolicySet"/>
12 <xs:element ref="xacml:Policy"/>
13 <xs:element ref="xacml:PolicySetIdReference"/>
14 <xs:element ref="xacml:PolicyIdReference"/>
15 <xs:element ref="xacml:CombinerParameters"/>
16 <xs:element ref="xacml:PolicyCombinerParameters"/>
17 <xs:element ref="xacml:PolicySetCombinerParameters"/>
18 </xs:choice>
19 <xs:element ref="xacml:Obligations" minOccurs="0"/>
20 </xs:sequence>
21 <xs:attribute name="PolicySetId" type="xs:anyURI" use="required"/>
22 <xs:attribute name="Version" type="xacml:VersionType" default="1.0"/>
23 <xs:attribute name="PolicyCombiningAlgId" type="xs:anyURI" use="required"/>
24 </xs:complexType>
25 <!-- -->
26 <xs:element name="CombinerParameters" type="xacml:CombinerParametersType"/>
27 <xs:complexType name="CombinerParametersType">
28 <xs:sequence>
29 <xs:element ref="xacml:CombinerParameter" minOccurs="0" maxOccurs="unbounded"/>
30 </xs:sequence>
31 </xs:complexType>
32 <!-- -->
33 <xs:element name="CombinerParameter" type="xacml:CombinerParameterType"/>
34 <xs:complexType name="CombinerParameterType">
35 <xs:sequence>
36 <xs:element ref="xacml:AttributeValue"/>
37 </xs:sequence>
38 <xs:attribute name="ParameterName" type="xs:string" use="required"/>
39 </xs:complexType>
40 <!-- -->
41 <xs:element name="RuleCombinerParameters" type="xacml:RuleCombinerParametersType"/>
42 <xs:complexType name="RuleCombinerParametersType">
43 <xs:complexContent>
44 <xs:extension base="xacml:CombinerParametersType">
45 <xs:attribute name="RuleIdRef" type="xs:string" use="required"/>
46 </xs:extension>
47 </xs:complexContent>
48 </xs:complexType>
49 <!-- -->
50 <xs:element name="PolicyCombinerParameters" type="xacml:PolicyCombinerParametersType"/>
51 <xs:complexType name="PolicyCombinerParametersType">
52 <xs:complexContent>
53 <xs:extension base="xacml:CombinerParametersType">
54 <xs:attribute name="PolicyIdRef" type="xs:anyURI" use="required"/>
55 </xs:extension>
56 </xs:complexContent>
57 </xs:complexType>
58 <!-- -->
59 <xs:element name="PolicySetCombinerParameters" type="xacml:PolicySetCombinerParametersType"/>
60 <xs:complexType name="PolicySetCombinerParametersType">
61 <xs:complexContent>
62 <xs:extension base="xacml:CombinerParametersType">
63 <xs:attribute name="PolicySetIdRef" type="xs:anyURI" use="required"/>
64 </xs:extension>
65 </xs:complexContent>
66 </xs:complexType>
67 <!-- -->
68 <xs:element name="PolicySetIdReference" type="xacml:IdReferenceType"/>
69 <xs:element name="PolicyIdReference" type="xacml:IdReferenceType"/>
70 <!-- -->
71 <xs:element name="PolicySetDefaults" type="xacml:DefaultsType"/>
72 <xs:element name="PolicyDefaults" type="xacml:DefaultsType"/>
73 <xs:complexType name="DefaultsType">
74 <xs:sequence>
75 <xs:choice>
76 <xs:element ref="xacml:XPathVersion"/>
77 </xs:choice>
78 </xs:sequence>
79 </xs:complexType>
80 <!-- -->
81 <xs:element name="XPathVersion" type="xs:anyURI"/>
82 <!-- -->
83 <xs:complexType name="IdReferenceType">
84 <xs:simpleContent>
85 <xs:extension base="xs:anyURI">
86 <xs:attribute name="Version" type="xacml:VersionMatchType" use="optional"/>
87 <xs:attribute name="EarliestVersion" type="xacml:VersionMatchType" use="optional"/>
88 <xs:attribute name="LatestVersion" type="xacml:VersionMatchType" use="optional"/>
89 </xs:extension>
90 </xs:simpleContent>
91 </xs:complexType>
92 <!-- -->
93 <xs:simpleType name="VersionType">
94 <xs:restriction base="xs:string">
95 <xs:pattern value="(\d+\.)*\d+"/>
96 </xs:restriction>
97 </xs:simpleType>
98 <!-- -->
99 <xs:simpleType name="VersionMatchType">
100 <xs:restriction base="xs:string">
101 <xs:pattern value="((\d+|\*)\.)*(\d+|\*|\+)"/>
102 </xs:restriction>
103 </xs:simpleType>
104 <!-- -->
105 <xs:element name="Policy" type="xacml:PolicyType"/>
106 <xs:complexType name="PolicyType">
107 <xs:sequence>
108 <xs:element ref="xacml:Description" minOccurs="0"/>
109 <xs:element ref="xacml:PolicyDefaults" minOccurs="0"/>
110 <!-- Had to comment out this element - JAXB could not deal with the same type
111 referenced twice in the same type definition. -->
112<!-- <xs:element ref="xacml:CombinerParameters" minOccurs="0"/> -->
113 <xs:element ref="xacml:Target"/>
114 <xs:choice maxOccurs="unbounded">
115 <xs:element ref="xacml:CombinerParameters" minOccurs="0"/>
116 <xs:element ref="xacml:RuleCombinerParameters" minOccurs="0"/>
117 <xs:element ref="xacml:VariableDefinition"/>
118 <xs:element ref="xacml:Rule"/>
119 </xs:choice>
120 <xs:element ref="xacml:Obligations" minOccurs="0"/>
121 </xs:sequence>
122 <xs:attribute name="PolicyId" type="xs:anyURI" use="required"/>
123 <xs:attribute name="Version" type="xacml:VersionType" default="1.0"/>
124 <xs:attribute name="RuleCombiningAlgId" type="xs:anyURI" use="required"/>
125 </xs:complexType>
126 <!-- -->
127 <xs:element name="Description" type="xs:string"/>
128 <!-- -->
129 <xs:element name="Rule" type="xacml:RuleType"/>
130 <xs:complexType name="RuleType">
131 <xs:sequence>
132 <xs:element ref="xacml:Description" minOccurs="0"/>
133 <xs:element ref="xacml:Target" minOccurs="0"/>
134 <xs:element ref="xacml:Condition" minOccurs="0"/>
135 </xs:sequence>
136 <xs:attribute name="RuleId" type="xs:string" use="required"/>
137 <xs:attribute name="Effect" type="xacml:EffectType" use="required"/>
138 </xs:complexType>
139 <!-- -->
140 <xs:simpleType name="EffectType">
141 <xs:restriction base="xs:string">
142 <xs:enumeration value="Permit"/>
143 <xs:enumeration value="Deny"/>
144 </xs:restriction>
145 </xs:simpleType>
146 <!-- -->
147 <xs:element name="Target" type="xacml:TargetType"/>
148 <xs:complexType name="TargetType">
149 <xs:sequence>
150 <xs:element ref="xacml:Subjects" minOccurs="0"/>
151 <xs:element ref="xacml:Resources" minOccurs="0"/>
152 <xs:element ref="xacml:Actions" minOccurs="0"/>
153 <xs:element ref="xacml:Environments" minOccurs="0"/>
154 </xs:sequence>
155 </xs:complexType>
156 <!-- -->
157 <xs:element name="Subjects" type="xacml:SubjectsType"/>
158 <xs:complexType name="SubjectsType">
159 <xs:sequence>
160 <xs:element ref="xacml:Subject" maxOccurs="unbounded"/>
161 </xs:sequence>
162 </xs:complexType>
163 <!-- -->
164 <xs:element name="Subject" type="xacml:SubjectType"/>
165 <xs:complexType name="SubjectType">
166 <xs:sequence>
167 <xs:element ref="xacml:SubjectMatch" maxOccurs="unbounded"/>
168 </xs:sequence>
169 </xs:complexType>
170 <!-- -->
171 <xs:element name="Resources" type="xacml:ResourcesType"/>
172 <xs:complexType name="ResourcesType">
173 <xs:sequence>
174 <xs:element ref="xacml:Resource" maxOccurs="unbounded"/>
175 </xs:sequence>
176 </xs:complexType>
177 <!-- -->
178 <xs:element name="Resource" type="xacml:ResourceType"/>
179 <xs:complexType name="ResourceType">
180 <xs:sequence>
181 <xs:element ref="xacml:ResourceMatch" maxOccurs="unbounded"/>
182 </xs:sequence>
183 </xs:complexType>
184 <!-- -->
185 <xs:element name="Actions" type="xacml:ActionsType"/>
186 <xs:complexType name="ActionsType">
187 <xs:sequence>
188 <xs:element ref="xacml:Action" maxOccurs="unbounded"/>
189 </xs:sequence>
190 </xs:complexType>
191 <!-- -->
192 <xs:element name="Action" type="xacml:ActionType"/>
193 <xs:complexType name="ActionType">
194 <xs:sequence>
195 <xs:element ref="xacml:ActionMatch" maxOccurs="unbounded"/>
196 </xs:sequence>
197 </xs:complexType>
198 <!-- -->
199 <xs:element name="Environments" type="xacml:EnvironmentsType"/>
200 <xs:complexType name="EnvironmentsType">
201 <xs:sequence>
202 <xs:element ref="xacml:Environment" maxOccurs="unbounded"/>
203 </xs:sequence>
204 </xs:complexType>
205 <!-- -->
206 <xs:element name="Environment" type="xacml:EnvironmentType"/>
207 <xs:complexType name="EnvironmentType">
208 <xs:sequence>
209 <xs:element ref="xacml:EnvironmentMatch" maxOccurs="unbounded"/>
210 </xs:sequence>
211 </xs:complexType>
212 <!-- -->
213 <xs:element name="SubjectMatch" type="xacml:SubjectMatchType"/>
214 <xs:complexType name="SubjectMatchType">
215 <xs:sequence>
216 <xs:element ref="xacml:AttributeValue"/>
217 <xs:choice>
218 <xs:element ref="xacml:SubjectAttributeDesignator"/>
219 <xs:element ref="xacml:AttributeSelector"/>
220 </xs:choice>
221 </xs:sequence>
222 <xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
223 </xs:complexType>
224 <!-- -->
225 <xs:element name="ResourceMatch" type="xacml:ResourceMatchType"/>
226 <xs:complexType name="ResourceMatchType">
227 <xs:sequence>
228 <xs:element ref="xacml:AttributeValue"/>
229 <xs:choice>
230 <xs:element ref="xacml:ResourceAttributeDesignator"/>
231 <xs:element ref="xacml:AttributeSelector"/>
232 </xs:choice>
233 </xs:sequence>
234 <xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
235 </xs:complexType>
236 <!-- -->
237 <xs:element name="ActionMatch" type="xacml:ActionMatchType"/>
238 <xs:complexType name="ActionMatchType">
239 <xs:sequence>
240 <xs:element ref="xacml:AttributeValue"/>
241 <xs:choice>
242 <xs:element ref="xacml:ActionAttributeDesignator"/>
243 <xs:element ref="xacml:AttributeSelector"/>
244 </xs:choice>
245 </xs:sequence>
246 <xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
247 </xs:complexType>
248 <!-- -->
249 <xs:element name="EnvironmentMatch" type="xacml:EnvironmentMatchType"/>
250 <xs:complexType name="EnvironmentMatchType">
251 <xs:sequence>
252 <xs:element ref="xacml:AttributeValue"/>
253 <xs:choice>
254 <xs:element ref="xacml:EnvironmentAttributeDesignator"/>
255 <xs:element ref="xacml:AttributeSelector"/>
256 </xs:choice>
257 </xs:sequence>
258 <xs:attribute name="MatchId" type="xs:anyURI" use="required"/>
259 </xs:complexType>
260 <!-- -->
261 <xs:element name="VariableDefinition" type="xacml:VariableDefinitionType"/>
262 <xs:complexType name="VariableDefinitionType">
263 <xs:sequence>
264 <xs:element ref="xacml:Expression"/>
265 </xs:sequence>
266 <xs:attribute name="VariableId" type="xs:string" use="required"/>
267 </xs:complexType>
268 <!-- -->
269 <xs:element name="Expression" type="xacml:ExpressionType" abstract="true"/>
270 <xs:complexType name="ExpressionType" abstract="true"/>
271 <!-- -->
272 <xs:element name="VariableReference" type="xacml:VariableReferenceType" substitutionGroup="xacml:Expression"/>
273 <xs:complexType name="VariableReferenceType">
274 <xs:complexContent>
275 <xs:extension base="xacml:ExpressionType">
276 <xs:attribute name="VariableId" type="xs:string" use="required"/>
277 </xs:extension>
278 </xs:complexContent>
279 </xs:complexType>
280 <!-- -->
281 <xs:element name="AttributeSelector" type="xacml:AttributeSelectorType" substitutionGroup="xacml:Expression"/>
282 <xs:complexType name="AttributeSelectorType">
283 <xs:complexContent>
284 <xs:extension base="xacml:ExpressionType">
285 <xs:attribute name="RequestContextPath" type="xs:string" use="required"/>
286 <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
287 <xs:attribute name="MustBePresent" type="xs:boolean" use="optional" default="false"/>
288 </xs:extension>
289 </xs:complexContent>
290 </xs:complexType>
291 <!-- -->
292 <xs:element name="ResourceAttributeDesignator" type="xacml:AttributeDesignatorType" substitutionGroup="xacml:Expression"/>
293 <xs:element name="ActionAttributeDesignator" type="xacml:AttributeDesignatorType" substitutionGroup="xacml:Expression"/>
294 <xs:element name="EnvironmentAttributeDesignator" type="xacml:AttributeDesignatorType" substitutionGroup="xacml:Expression"/>
295 <!-- -->
296 <xs:complexType name="AttributeDesignatorType">
297 <xs:complexContent>
298 <xs:extension base="xacml:ExpressionType">
299 <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
300 <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
301 <xs:attribute name="Issuer" type="xs:string" use="optional"/>
302 <xs:attribute name="MustBePresent" type="xs:boolean" use="optional" default="false"/>
303 </xs:extension>
304 </xs:complexContent>
305 </xs:complexType>
306 <!-- -->
307 <xs:element name="SubjectAttributeDesignator" type="xacml:SubjectAttributeDesignatorType" substitutionGroup="xacml:Expression"/>
308 <xs:complexType name="SubjectAttributeDesignatorType">
309 <xs:complexContent>
310 <xs:extension base="xacml:AttributeDesignatorType">
311 <xs:attribute name="SubjectCategory" type="xs:anyURI" use="optional" default="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"/>
312 </xs:extension>
313 </xs:complexContent>
314 </xs:complexType>
315 <!-- -->
316 <xs:element name="AttributeValue" type="xacml:AttributeValueType" substitutionGroup="xacml:Expression"/>
317 <xs:complexType name="AttributeValueType" mixed="true">
318 <xs:complexContent mixed="true">
319 <xs:extension base="xacml:ExpressionType">
320 <xs:sequence>
321 <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
322 </xs:sequence>
323 <xs:attribute name="DataType" type="xs:anyURI" use="required"/>
324 <xs:anyAttribute namespace="##any" processContents="lax"/>
325 </xs:extension>
326 </xs:complexContent>
327 </xs:complexType>
328 <!-- -->
329 <xs:element name="Function" type="xacml:FunctionType" substitutionGroup="xacml:Expression"/>
330 <xs:complexType name="FunctionType">
331 <xs:complexContent>
332 <xs:extension base="xacml:ExpressionType">
333 <xs:attribute name="FunctionId" type="xs:anyURI" use="required"/>
334 </xs:extension>
335 </xs:complexContent>
336 </xs:complexType>
337 <!-- -->
338 <xs:element name="Condition" type="xacml:ConditionType"/>
339 <xs:complexType name="ConditionType">
340 <xs:sequence>
341 <xs:element ref="xacml:Expression"/>
342 </xs:sequence>
343 </xs:complexType>
344 <!-- -->
345 <xs:element name="Apply" type="xacml:ApplyType" substitutionGroup="xacml:Expression"/>
346 <xs:complexType name="ApplyType">
347 <xs:complexContent>
348 <xs:extension base="xacml:ExpressionType">
349 <xs:sequence>
350 <xs:element ref="xacml:Expression" minOccurs="0" maxOccurs="unbounded"/>
351 </xs:sequence>
352 <xs:attribute name="FunctionId" type="xs:anyURI" use="required"/>
353 </xs:extension>
354 </xs:complexContent>
355 </xs:complexType>
356 <!-- -->
357 <xs:element name="Obligations" type="xacml:ObligationsType"/>
358 <xs:complexType name="ObligationsType">
359 <xs:sequence>
360 <xs:element ref="xacml:Obligation" maxOccurs="unbounded"/>
361 </xs:sequence>
362 </xs:complexType>
363 <!-- -->
364 <xs:element name="Obligation" type="xacml:ObligationType"/>
365 <xs:complexType name="ObligationType">
366 <xs:sequence>
367 <xs:element ref="xacml:AttributeAssignment" minOccurs="0" maxOccurs="unbounded"/>
368 </xs:sequence>
369 <xs:attribute name="ObligationId" type="xs:anyURI" use="required"/>
370 <xs:attribute name="FulfillOn" type="xacml:EffectType" use="required"/>
371 </xs:complexType>
372 <!-- -->
373 <xs:element name="AttributeAssignment" type="xacml:AttributeAssignmentType"/>
374 <xs:complexType name="AttributeAssignmentType" mixed="true">
375 <xs:complexContent mixed="true">
376 <xs:extension base="xacml:AttributeValueType">
377 <xs:attribute name="AttributeId" type="xs:anyURI" use="required"/>
378 </xs:extension>
379 </xs:complexContent>
380 </xs:complexType>
381 <!-- -->
382</xs:schema>
Note: See TracBrowser for help on using the repository browser.