Protected Resource Examples - Augment with Group Access Rights
Read a Protected Resource Example
as of 15 Mar 2013
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<resource:protectedResource xmlns:request="urn:mace:projectbamboo.org:schema:request:1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xacml-context="urn:oasis:names:tc:xacml:1.0:context" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:bsp="http://projectbamboo.org/bsp/resource" xmlns:xacml="urn:oasis:names:tc:xacml:1.0:policy" xmlns:resource="urn:mace:projectbamboo.org:schema:protected-resource:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<dcterms:subject/>
<dcterms:creator xsi:type="dcterms:URI">urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</dcterms:creator>
<dcterms:created xsi:type="dcterms:W3CDTF">2013-02-22T16:26:12.627-05:00</dcterms:created>
<bsp:modifier>urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</bsp:modifier>
<dcterms:modified xsi:type="dcterms:W3CDTF">2013-02-22T16:37:25.564-05:00</dcterms:modified>
<request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
<request:resourceIdValue>urn:uuid:dec36b3a-60f8-448c-b1bd-7793a22098b9</request:resourceIdValue>
</request:resourceId>
<resource:resourceOwner AttributeId="urn:mace:projectbamboo.org:attribute:1.0:resourceOwner" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
<resource:resourceOwnerAttributeValue>urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</resource:resourceOwnerAttributeValue>
</resource:resourceOwner>
<resource:scopedRolesWithViewhAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scoped-role-has-view-access-rights" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
<resource:roleAttributeValue>student@berkeley.edu</resource:roleAttributeValue>
</resource:scopedRolesWithViewhAccessRights>
<resource:scopedRolesWithUpdateAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scoped-role-has-update-access-rights" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
<resource:roleAttributeValue>member@folgerlibrary.org</resource:roleAttributeValue>
</resource:scopedRolesWithUpdateAccessRights>
</resource:protectedResource>
as augmented to illustrate Group access
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<resource:protectedResource xmlns:request="urn:mace:projectbamboo.org:schema:request:1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xacml-context="urn:oasis:names:tc:xacml:1.0:context" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:bsp="http://projectbamboo.org/bsp/resource" xmlns:xacml="urn:oasis:names:tc:xacml:1.0:policy" xmlns:resource="urn:mace:projectbamboo.org:schema:protected-resource:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<dcterms:subject/>
<dcterms:creator xsi:type="dcterms:URI">urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</dcterms:creator>
<dcterms:created xsi:type="dcterms:W3CDTF">2013-02-22T16:26:12.627-05:00</dcterms:created>
<bsp:modifier>urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</bsp:modifier>
<dcterms:modified xsi:type="dcterms:W3CDTF">2013-02-22T16:37:25.564-05:00</dcterms:modified>
<request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
<request:resourceIdValue>urn:uuid:dec36b3a-60f8-448c-b1bd-7793a22098b9</request:resourceIdValue>
</request:resourceId>
<resource:resourceOwner AttributeId="urn:mace:projectbamboo.org:attribute:1.0:resourceOwner" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
<resource:resourceOwnerAttributeValue>urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</resource:resourceOwnerAttributeValue>
</resource:resourceOwner>
<resource:scopedRolesWithViewhAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scoped-role-has-view-access-rights" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
<resource:roleAttributeValue>student@berkeley.edu</resource:roleAttributeValue>
</resource:scopedRolesWithViewhAccessRights>
<resource:scopedRolesWithUpdateAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scoped-role-has-update-access-rights" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
<resource:roleAttributeValue>member@folgerlibrary.org</resource:roleAttributeValue>
</resource:scopedRolesWithUpdateAccessRights>
<--! xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
BEGIN AUGMENTED ELEMENTS
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-->
<resource:groupsWithViewhAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:group-has-view-access-rights" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
<resource:IsMemberOfAttributeValue>urn:uuid:d67b9bfd-8033-4082-851c-7fa464f552ac</resource:IsMemberOfAttributeValue>
</resource:groupsWithViewhAccessRights>
<resource:GroupsWithUpdateAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:group-has-update-access-rights" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
<resource:IsMemberOfAttributeValue>urn:uuid:51e99f86-844d-4dc7-a4c6-8ae85d38d3ab</resource:IsMemberOfAttributeValue>
</resource:GroupsWithUpdateAccessRights>
<--! xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
END AUGMENTED ELEMENTS
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -->
</resource:protectedResource>
Update a Protected Resource Example
as of 15 Mar 2013
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<resource:protectedResource xmlns:resource="urn:mace:projectbamboo.org:schema:protected-resource:1.0"
xmlns:request="urn:mace:projectbamboo.org:schema:request:1.0"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
<request:resourceIdValue>urn:uuid:dec36b3a-60f8-448c-b1bd-7793a22098b9</request:resourceIdValue>
</request:resourceId>
<resource:scopedRolesWithViewhAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scoped-role-has-view-access-rights" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
<resource:roleAttributeValue>student@berkeley.edu</resource:roleAttributeValue>
</resource:scopedRolesWithViewhAccessRights>
<resource:scopedRolesWithUpdateAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scoped-role-has-update-access-rights" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
<resource:roleAttributeValue>member@folgerlibrary.org</resource:roleAttributeValue>
</resource:scopedRolesWithUpdateAccessRights>
</resource:protectedResource>
as augmented to illustrate Group access
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<resource:protectedResource xmlns:resource="urn:mace:projectbamboo.org:schema:protected-resource:1.0"
xmlns:request="urn:mace:projectbamboo.org:schema:request:1.0"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
<request:resourceIdValue>urn:uuid:dec36b3a-60f8-448c-b1bd-7793a22098b9</request:resourceIdValue>
</request:resourceId>
<resource:scopedRolesWithViewhAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scoped-role-has-view-access-rights" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
<resource:roleAttributeValue>student@berkeley.edu</resource:roleAttributeValue>
</resource:scopedRolesWithViewhAccessRights>
<resource:scopedRolesWithUpdateAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scoped-role-has-update-access-rights" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
<resource:roleAttributeValue>member@folgerlibrary.org</resource:roleAttributeValue>
</resource:scopedRolesWithUpdateAccessRights>
<--! xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
BEGIN AUGMENTED ELEMENTS
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-->
<resource:groupsWithViewhAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:group-has-view-access-rights" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
<resource:IsMemberOfAttributeValue>urn:uuid:d67b9bfd-8033-4082-851c-7fa464f552ac</resource:IsMemberOfAttributeValue>
</resource:groupsWithViewhAccessRights>
<resource:GroupsWithUpdateAccessRights AttributeId="urn:mace:projectbamboo.org:attribute:1.0:group-has-update-access-rights" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
<resource:IsMemberOfAttributeValue>urn:uuid:51e99f86-844d-4dc7-a4c6-8ae85d38d3ab</resource:IsMemberOfAttributeValue>
</resource:GroupsWithUpdateAccessRights>
<--! xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
END AUGMENTED ELEMENTS
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -->
</resource:protectedResource>
Note on cleaning up ProtectedResource.xsd
There appear to be some minor irregularities in the ProtectedResource.xsd. These are incorporated into the examples on this page. A JIRA issue to identify these irregularities would be a helpful note to future developers.
Specifically:
- Element names scopedRolesWithViewhAccessRights and groupsWithViewhAccessRights contain an apparent typo (the letter "h" between "View" and "Access")
- The element name GroupsWithUpdateAccessRights does not follow the convention of beginning an element name with a lower case letter
- The description (xs:documentation element) for the element GroupsWithUpdateAccessRights has a typo in the first word: "Groupss that have update access to this resource"