Protected Resource Examples - Augment with Group Access Rights
Read a Protected Resource Example
as of 15 Mar 2013
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <resource:protectedResource xmlns:request="urn:mace:projectbamboo.org:schema:request:1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xacml-context="urn:oasis:names:tc:xacml:1.0:context" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:bsp="http://projectbamboo.org/bsp/resource" xmlns:xacml="urn:oasis:names:tc:xacml:1.0:policy" xmlns:resource="urn:mace:projectbamboo.org:schema:protected-resource:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <dcterms:subject/> <dcterms:creator xsi:type="dcterms:URI">urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</dcterms:creator> <dcterms:created xsi:type="dcterms:W3CDTF">2013-02-22T16:26:12.627-05:00</dcterms:created> <bsp:modifier>urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</bsp:modifier> <dcterms:modified xsi:type="dcterms:W3CDTF">2013-02-22T16:37:25.564-05:00</dcterms:modified> <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> <request:resourceIdValue>urn:uuid:dec36b3a-60f8-448c-b1bd-7793a22098b9</request:resourceIdValue> </request:resourceId> <resource:resourceOwner AttributeId="urn:mace:projectbamboo.org:attribute:1.0:resourceOwner" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> <resource:resourceOwnerAttributeValue>urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</resource:resourceOwnerAttributeValue> </resource:resourceOwner> <resource:scopedRolesWithViewhAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scoped-role-has-view-access-rights" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"> <resource:roleAttributeValue>student@berkeley.edu</resource:roleAttributeValue> </resource:scopedRolesWithViewhAccessRights> <resource:scopedRolesWithUpdateAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scoped-role-has-update-access-rights" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"> <resource:roleAttributeValue>member@folgerlibrary.org</resource:roleAttributeValue> </resource:scopedRolesWithUpdateAccessRights> </resource:protectedResource>
as augmented to illustrate Group access
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <resource:protectedResource xmlns:request="urn:mace:projectbamboo.org:schema:request:1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xacml-context="urn:oasis:names:tc:xacml:1.0:context" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:bsp="http://projectbamboo.org/bsp/resource" xmlns:xacml="urn:oasis:names:tc:xacml:1.0:policy" xmlns:resource="urn:mace:projectbamboo.org:schema:protected-resource:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <dcterms:subject/> <dcterms:creator xsi:type="dcterms:URI">urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</dcterms:creator> <dcterms:created xsi:type="dcterms:W3CDTF">2013-02-22T16:26:12.627-05:00</dcterms:created> <bsp:modifier>urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</bsp:modifier> <dcterms:modified xsi:type="dcterms:W3CDTF">2013-02-22T16:37:25.564-05:00</dcterms:modified> <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> <request:resourceIdValue>urn:uuid:dec36b3a-60f8-448c-b1bd-7793a22098b9</request:resourceIdValue> </request:resourceId> <resource:resourceOwner AttributeId="urn:mace:projectbamboo.org:attribute:1.0:resourceOwner" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> <resource:resourceOwnerAttributeValue>urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</resource:resourceOwnerAttributeValue> </resource:resourceOwner> <resource:scopedRolesWithViewhAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scoped-role-has-view-access-rights" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"> <resource:roleAttributeValue>student@berkeley.edu</resource:roleAttributeValue> </resource:scopedRolesWithViewhAccessRights> <resource:scopedRolesWithUpdateAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scoped-role-has-update-access-rights" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"> <resource:roleAttributeValue>member@folgerlibrary.org</resource:roleAttributeValue> </resource:scopedRolesWithUpdateAccessRights> <--! xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx BEGIN AUGMENTED ELEMENTS xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx--> <resource:groupsWithViewhAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:group-has-view-access-rights" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> <resource:IsMemberOfAttributeValue>urn:uuid:d67b9bfd-8033-4082-851c-7fa464f552ac</resource:IsMemberOfAttributeValue> </resource:groupsWithViewhAccessRights> <resource:GroupsWithUpdateAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:group-has-update-access-rights" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> <resource:IsMemberOfAttributeValue>urn:uuid:51e99f86-844d-4dc7-a4c6-8ae85d38d3ab</resource:IsMemberOfAttributeValue> </resource:GroupsWithUpdateAccessRights> <--! xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx END AUGMENTED ELEMENTS xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx --> </resource:protectedResource>
Update a Protected Resource Example
as of 15 Mar 2013
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <resource:protectedResource xmlns:resource="urn:mace:projectbamboo.org:schema:protected-resource:1.0" xmlns:request="urn:mace:projectbamboo.org:schema:request:1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> <request:resourceIdValue>urn:uuid:dec36b3a-60f8-448c-b1bd-7793a22098b9</request:resourceIdValue> </request:resourceId> <resource:scopedRolesWithViewhAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scoped-role-has-view-access-rights" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"> <resource:roleAttributeValue>student@berkeley.edu</resource:roleAttributeValue> </resource:scopedRolesWithViewhAccessRights> <resource:scopedRolesWithUpdateAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scoped-role-has-update-access-rights" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"> <resource:roleAttributeValue>member@folgerlibrary.org</resource:roleAttributeValue> </resource:scopedRolesWithUpdateAccessRights> </resource:protectedResource>
as augmented to illustrate Group access
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <resource:protectedResource xmlns:resource="urn:mace:projectbamboo.org:schema:protected-resource:1.0" xmlns:request="urn:mace:projectbamboo.org:schema:request:1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> <request:resourceIdValue>urn:uuid:dec36b3a-60f8-448c-b1bd-7793a22098b9</request:resourceIdValue> </request:resourceId> <resource:scopedRolesWithViewhAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scoped-role-has-view-access-rights" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"> <resource:roleAttributeValue>student@berkeley.edu</resource:roleAttributeValue> </resource:scopedRolesWithViewhAccessRights> <resource:scopedRolesWithUpdateAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scoped-role-has-update-access-rights" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"> <resource:roleAttributeValue>member@folgerlibrary.org</resource:roleAttributeValue> </resource:scopedRolesWithUpdateAccessRights> <--! xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx BEGIN AUGMENTED ELEMENTS xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx--> <resource:groupsWithViewhAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:group-has-view-access-rights" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> <resource:IsMemberOfAttributeValue>urn:uuid:d67b9bfd-8033-4082-851c-7fa464f552ac</resource:IsMemberOfAttributeValue> </resource:groupsWithViewhAccessRights> <resource:GroupsWithUpdateAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:group-has-update-access-rights" DataType="http://www.w3.org/2001/XMLSchema#anyURI"> <resource:IsMemberOfAttributeValue>urn:uuid:51e99f86-844d-4dc7-a4c6-8ae85d38d3ab</resource:IsMemberOfAttributeValue> </resource:GroupsWithUpdateAccessRights> <--! xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx END AUGMENTED ELEMENTS xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx --> </resource:protectedResource>
Note on cleaning up ProtectedResource.xsd
There appear to be some minor irregularities in the ProtectedResource.xsd. These are incorporated into the examples on this page. A JIRA issue to identify these irregularities would be a helpful note to future developers.
Specifically:
- Element names scopedRolesWithViewhAccessRights and groupsWithViewhAccessRights contain an apparent typo (the letter "h" between "View" and "Access")
- The element name GroupsWithUpdateAccessRights does not follow the convention of beginning an element name with a lower case letter
- The description (xs:documentation element) for the element GroupsWithUpdateAccessRights has a typo in the first word: "Groupss that have update access to this resource"