• Home
• com.googlecode.redbox-mint
• fcrepo-client
• 2.2.4
• source code
• deny-apia-datastream-DC-to-all-users.xml

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

xacml-policies.examples.example-repository-policies.apia-tighten-defaults.apia-restrict-datastreams.deny-apia-datastream-DC-to-all-users.xml Maven / Gradle / Ivy

<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" PolicyId="deny-apia-datastream-DC-to-all-users">
	<!-- *********************************************************************************************************************************************************-->
	<!--  This policy will DENY access to Dublin Core datastreams.  Specificallly, it will DENY access to ALL users making -->
	<!--  getDatastreamDissemination requests on API-A for datastreams with a datastream identifier of 'DC.'   -->
	<!-- *********************************************************************************************************************************************************-->
	<Description>This policy will DENY access to Dublin Core datastreams.  Specifically, it will DENY access to ALL users making getDatastreamDissemination requests on API-A for datastreams with a datastream identifier of 'DC.'</Description>
	<Target>
		<!-- *********************************************************************************************************************************************************-->
		<!--  This policy is applicable to any Subject.  -->
		<!-- *********************************************************************************************************************************************************-->
		<Subjects>
			<AnySubject/>
		</Subjects>
		<!-- *********************************************************************************************************************************************************-->
		<!-- This policy is applicable to resources that are Dubin Core (DC) datastreams.   -->
		<!-- *********************************************************************************************************************************************************-->
		<!-- The ResourceMatch element enables the XACML enforcement engine to determine whether this policy is applicable based -->
		<!-- on whether an incoming Fedora request pertains to the kind of a Resource entity specified in the ResourceMatch.  -->
		<!-- This is done by the XACML engine doing a comparison of attribute names/values in the incoming request against attribute -->
		<!-- names/values in the ResourceMatch specification.  Notice the XACML-based function "string-equal" on the ResourceMatch -->
		<!-- element which indicates that the matching will be string-based.   -->
		<!-- The ResourceAttributeDesignator element specifies a match criterion as the attribute name datastream:id  -->
		<!-- (identified by urn:fedora:names:fedora:2.1:resource:datastream:id).  The AttributeValue  element indicates that the value -->
		<!-- of the datastream:id must be 'DC' for this policy to be applicable.  -->
		<!-- *********************************************************************************************************************************************************-->
		<Resources>
			<Resource>
				<ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
					<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DC</AttributeValue>
					<ResourceAttributeDesignator AttributeId="urn:fedora:names:fedora:2.1:resource:datastream:id" DataType="http://www.w3.org/2001/XMLSchema#string"/>
				</ResourceMatch>
			</Resource>
		</Resources>
		<!-- *********************************************************************************************************************************************************-->
		<!--  This policy is applicable to ONLY to the getDatastreamDissemination action (operation) in the Fedora Access Service (i.e., API-A).  -->
		<!--  Note that the ActionAttributeDesignator element specifies the concept of a fedora-based action via the identifier -->
		<!--  urn:fedora:names:fedora:2.1:action:id.  The particular action (API-A operation) that is the target for this policy -->
		<!--  is specified by the AttributeValue identifier of urn:fedora:names:fedora:2.1:action:id-getDatastreamDissemination. -->
		<!-- *********************************************************************************************************************************************************-->
		<Actions>
			<Action>
				<ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
					<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:fedora:names:fedora:2.1:action:id-getDatastreamDissemination</AttributeValue>
					<ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:fedora:names:fedora:2.1:action:id"/>
				</ActionMatch>
			</Action>
		</Actions>
	</Target>
	<!-- *********************************************************************************************************************************************************-->
	<!-- Rule 1:  The Rule is completely undiscriminating in that it has no refining conditions.  It will DENY access to to ANY USER issuing -->
	<!-- a request for actions named in the Policy Target above.  This essentially turns off access to the Subject/Resource/Action -->
	<!-- combinations  specified in the Policy Target because this Rule does not have its own local Target or any constraining -->
	<!-- Condition to narrow down the scope of the denial. -->
	<!-- *********************************************************************************************************************************************************-->
	<Rule RuleId="1" Effect="Deny"/>
</Policy>