<?xml version="1.0" encoding="UTF-8"?>
<PolicySet xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicySetId="RPS:all:roles" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides">
<Target />
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="rolePS:Anesthesiologist_1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
<Target>
<Subjects>
<Subject>
<SubjectMatch MatchId="urn:my:function:role:is-instance">
<AttributeValue DataType="urn:my:dataType:role">
<RoleName>urn:example:role-values:Anesthesiologist</RoleName>
<RoleParams>
<Param Name="operatingRoom" DataType="http://www.w3.org/2001/XMLSchema#string" />
</RoleParams>
</AttributeValue>
<SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="urn:my:dataType:role" />
</SubjectMatch>
</Subject>
</Subjects>
</Target>
<Rule RuleId="read:patientRecords:PositionIn(property:patient-position,parameter:operatingRoom)_and_EventVisibleIn(parameter:operatingRoom,event:surgeonInOR)" Effect="Permit">
<Target>
<Resources>
<Resource>
<ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">urn:example:resource-categories:patientRecords</AttributeValue>
<ResourceAttributeDesignator AttributeId="urn:example:resource:category-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
</ResourceMatch>
</Resource>
</Resources>
<Actions>
<Action>
<ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
<ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string"/>
</ActionMatch>
</Action>
</Actions>
</Target>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
<Apply FunctionId="urn:my:function:spatial:point-within-location-logical">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
<SubjectAttributeDesignator AttributeId="urn:my:parameter:operatingRoom" DataType="http://www.w3.org/2001/XMLSchema#string" />
</Apply>
<Apply FunctionId="urn:my:function:spatial:geometryAttribute-one-and-only">
<ResourceAttributeDesignator AttributeId="urn:my:resource:property:patient-position" DataType="urn:ogc:def:dataType:geoxacml:1.0:geometry"/>
</Apply>
</Apply>
<Apply FunctionId="urn:my:function:event:visible-in">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">surgeonInOR</AttributeValue>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
<SubjectAttributeDesignator AttributeId="urn:my:parameter:operatingRoom" DataType="http://www.w3.org/2001/XMLSchema#string" />
</Apply>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
<SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" />
</Apply>
</Apply>
</Apply>
</Condition>
</Rule>
</Policy>
</PolicySet>