<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-os.xsd" PolicyId="urn:oasis:names:tc:example:EnablingPolicy" RuleCombiningAlgId="my:rule-combining-algorithm:deny-overrides">
<!--
  Policy overview (role-enabling policy, PolicyId urn:oasis:names:tc:example:EnablingPolicy).
  The enclosing Policy element names a non-standard rule-combining algorithm
  ("my:rule-combining-algorithm:deny-overrides"), and every Rule below carries a
  Priority attribute. Neither is defined by the XACML 2.0 policy schema referenced
  in xsi:schemaLocation, so the file needs a PDP that implements these extensions
  and will not validate against the stock schema.
  NOTE(review): how the custom algorithm handles Indeterminate results and how it
  uses Priority cannot be determined from this file; confirm against the PDP.
  NOTE(review): all three rules have Effect="Permit" and there is no catch-all
  Deny rule, so a request that satisfies none of them is presumably NotApplicable
  rather than denied. The enforcement point should refuse anything that is not an
  explicit Permit.
  NOTE(review): xsi:schemaLocation points at an http:// URL; treat it as a hint
  and validate against a locally pinned copy of the schema instead of fetching it.
-->
<!--
  Policy target: applies only when the recipient-subject category carries the
  string "accessPDP" and the action-id is "enableRole". No Resources or
  Environments element is present, so the policy target does not restrict those.
  NOTE(review): the subject AttributeId used here,
  "urn:oasis:names:tc:xacml:1.0:subject-category:subject-id", differs from the
  subject-id identifier defined by the XACML specification
  ("urn:oasis:names:tc:xacml:1.0:subject:subject-id"). rule2 uses the same
  spelling, so it may be deliberate; confirm it matches what the context handler
  supplies, since an attribute that is never present would leave this target
  unmatched.
-->
<Target>
<Subjects>
<Subject>
<SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">accessPDP</AttributeValue>
<SubjectAttributeDesignator SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject-category:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" />
</SubjectMatch>
</Subject>
</Subjects>
<Actions>
<Action>
<ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">enableRole</AttributeValue>
<ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" />
</ActionMatch>
</Action>
</Actions>
</Target>

<!--
  rule0: Permit enabling the role doctor with dept=cardiology when the request
  time falls inside the periodic expression AND the subject's position is inside
  the logical location "cardiology".
  Priority is a non-standard attribute (not part of the XACML 2.0 Rule type);
  its meaning is defined by the custom combining algorithm named on the Policy.
-->
<Rule RuleId= "urn:oasis:names:tc:xacml:2.0:example:rule0" Effect="Permit" Priority="0">
<Description>(workingHours,cardiology,AnyEvent), 0:enable doctor(cardiology)</Description>
<!--
  Rule target: the resource-id attribute (custom data type urn:my:dataType:role)
  is compared with the role doctor / dept=cardiology by the custom match function
  urn:my:function:role:same-instance.
  NOTE(review): presumably an exact match on role name and parameters; the
  function is not defined in this file, so confirm against the PDP extension.
-->
<Target>
<Resources>
<Resource>
<ResourceMatch MatchId="urn:my:function:role:same-instance">
<AttributeValue DataType="urn:my:dataType:role">
<RoleName>urn:example:role-values:doctor</RoleName>
<RoleParams>
<Param Name="dept" DataType="http://www.w3.org/2001/XMLSchema#string">cardiology</Param>
</RoleParams>
</AttributeValue>
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="urn:my:dataType:role" />
</ResourceMatch>
</Resource>
</Resources>
</Target>
<!--
  Condition: both constraints below must hold (standard XACML "and").
  The designators do not set MustBePresent, and the one-and-only functions yield
  Indeterminate unless exactly one value is supplied.
  NOTE(review): make sure the PDP and enforcement point treat Indeterminate as a
  refusal for this rule.
-->
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
<!--
  Time constraint: the single request-time value is tested against the periodic
  expression: weeks 1-53, days 2-6, start hours 9 and 14, each window 4 hours long.
  NOTE(review): presumably 09:00-13:00 and 14:00-18:00 on working days, matching
  "workingHours" in the Description; day numbering and time zone are decided by
  the custom function urn:my:function:time:inside, so confirm.
  NOTE(review): request-time is read through a subject designator; confirm the
  value is set by the PDP or context handler and not taken from the requester.
-->
<Apply FunctionId="urn:my:function:time:inside">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:dateTime-one-and-only">
<SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:request-time" DataType="http://www.w3.org/2001/XMLSchema#dateTime" />
</Apply>
<AttributeValue DataType="urn:my:periodic-expression">
<PeriodicExp>
<CalendarStart Type="Weeks">1-53</CalendarStart>
<CalendarStart Type="Days">2-6</CalendarStart>
<CalendarStart Type="Hours">9,14</CalendarStart>
<CalendarLength Type="Hours">4</CalendarLength>
</PeriodicExp>
</AttributeValue>
</Apply>
<!--
  Location constraint: the subject's position (urn:my:subject:position-coord, a
  GeoXACML geometry) is passed together with the logical location name
  "cardiology" to the custom function point-within-location-logical.
  NOTE(review): the grant is only as trustworthy as the source of position-coord;
  confirm it comes from a trusted attribute source and not from a value reported
  by the subject's own device.
-->
<Apply FunctionId="urn:my:function:spatial:point-within-location-logical">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">cardiology</AttributeValue>
<Apply FunctionId="urn:my:function:spatial:geometryAttribute-one-and-only">
<SubjectAttributeDesignator AttributeId="urn:my:subject:position-coord" DataType="urn:ogc:def:dataType:geoxacml:1.0:geometry" />
</Apply>
</Apply>
</Apply>
</Condition>
</Rule>

<!--
  rule1: Permit enabling the role doctor with dept=stroke_unit when the request
  time falls inside the periodic expression AND the subject's position is inside
  the logical location "stroke_unit".
  Priority is a non-standard attribute (not part of the XACML 2.0 Rule type);
  its meaning is defined by the custom combining algorithm named on the Policy.
-->
<Rule RuleId= "urn:oasis:names:tc:xacml:2.0:example:rule1" Effect="Permit" Priority="0">
<Description>(workingHours,stroke_unit,AnyEvent), enable doctor(stroke_unit)</Description>
<!--
  Rule target: the resource-id attribute (custom data type urn:my:dataType:role)
  is compared with the role doctor / dept=stroke_unit by the custom match
  function urn:my:function:role:same-instance.
  NOTE(review): presumably an exact match on role name and parameters; the
  function is not defined in this file, so confirm against the PDP extension.
-->
<Target>
<Resources>
<Resource>
<ResourceMatch MatchId="urn:my:function:role:same-instance">
<AttributeValue DataType="urn:my:dataType:role">
<RoleName>urn:example:role-values:doctor</RoleName>
<RoleParams>
<Param Name="dept" DataType="http://www.w3.org/2001/XMLSchema#string">stroke_unit</Param>
</RoleParams>
</AttributeValue>
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="urn:my:dataType:role" />
</ResourceMatch>
</Resource>
</Resources>
</Target>
<!--
  Condition: both constraints below must hold (standard XACML "and").
  The designators do not set MustBePresent, and the one-and-only functions yield
  Indeterminate unless exactly one value is supplied.
  NOTE(review): make sure the PDP and enforcement point treat Indeterminate as a
  refusal for this rule.
-->
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
<!--
  Time constraint: the single request-time value is tested against the periodic
  expression: weeks 1-53, days 2-6, start hours 9 and 14, each window 4 hours long.
  NOTE(review): presumably 09:00-13:00 and 14:00-18:00 on working days, matching
  "workingHours" in the Description; day numbering and time zone are decided by
  the custom function urn:my:function:time:inside, so confirm.
  NOTE(review): request-time is read through a subject designator; confirm the
  value is set by the PDP or context handler and not taken from the requester.
-->
<Apply FunctionId="urn:my:function:time:inside">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:dateTime-one-and-only">
<SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:request-time" DataType="http://www.w3.org/2001/XMLSchema#dateTime" />
</Apply>
<AttributeValue DataType="urn:my:periodic-expression">
<PeriodicExp>
<CalendarStart Type="Weeks">1-53</CalendarStart>
<CalendarStart Type="Days">2-6</CalendarStart>
<CalendarStart Type="Hours">9,14</CalendarStart>
<CalendarLength Type="Hours">4</CalendarLength>
</PeriodicExp>
</AttributeValue>
</Apply>
<!--
  Location constraint: the subject's position (urn:my:subject:position-coord, a
  GeoXACML geometry) is passed together with the logical location name
  "stroke_unit" to the custom function point-within-location-logical.
  NOTE(review): the grant is only as trustworthy as the source of position-coord;
  confirm it comes from a trusted attribute source and not from a value reported
  by the subject's own device.
-->
<Apply FunctionId="urn:my:function:spatial:point-within-location-logical">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">stroke_unit</AttributeValue>
<Apply FunctionId="urn:my:function:spatial:geometryAttribute-one-and-only">
<SubjectAttributeDesignator AttributeId="urn:my:subject:position-coord" DataType="urn:ogc:def:dataType:geoxacml:1.0:geometry" />
</Apply>
</Apply>
</Apply>
</Condition>
</Rule>

<!--
  rule2: Permit enabling the role doctor for any department when the subject is
  positioned inside a location of type "dept" AND a "criticalPatient" event is
  visible at that position for the subject. Unlike rule0 and rule1 there is no
  time constraint ("AnyTime" in the Description) and no fixed dept value.
  NOTE(review): this is the broadest grant in the policy. Neither this rule nor
  the Policy declares Obligations, so any audit trail for its use has to be
  produced elsewhere; confirm that it is.
  Priority is a non-standard attribute (not part of the XACML 2.0 Rule type);
  its meaning is defined by the custom combining algorithm named on the Policy.
-->
<Rule RuleId= "urn:oasis:names:tc:xacml:2.0:example:rule2" Effect="Permit" Priority="0">
<Description>(AnyTime,dept:lt,criticalPatient), enable doctor(Any)</Description>
<!--
  Rule target: uses urn:my:function:role:is-instance (rule0 and rule1 use
  same-instance) with an empty dept parameter.
  NOTE(review): presumably the empty Param acts as a wildcard so that any
  doctor(dept) role matches; the function is not defined in this file, so confirm
  that an empty value cannot match more roles than intended.
-->
<Target>
<Resources>
<Resource>
<ResourceMatch MatchId="urn:my:function:role:is-instance">
<AttributeValue DataType="urn:my:dataType:role">
<RoleName>urn:example:role-values:doctor</RoleName>
<RoleParams>
<Param Name="dept" DataType="http://www.w3.org/2001/XMLSchema#string" />
</RoleParams>
</AttributeValue>
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="urn:my:dataType:role" />
</ResourceMatch>
</Resource>
</Resources>
</Target>
<!--
  Condition: both constraints below must hold (standard XACML "and").
  The designators do not set MustBePresent, and the one-and-only functions yield
  Indeterminate unless exactly one value is supplied.
  NOTE(review): make sure the PDP and enforcement point treat Indeterminate as a
  refusal for this rule.
-->
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
<!--
  Location constraint: the subject's position (urn:my:subject:position-coord) is
  passed with the location type "dept" to the custom function
  point-within-location-type.
  NOTE(review): presumably true for a position inside any department; confirm.
-->
<Apply FunctionId="urn:my:function:spatial:point-within-location-type">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">dept</AttributeValue>
<Apply FunctionId="urn:my:function:spatial:geometryAttribute-one-and-only">
<SubjectAttributeDesignator AttributeId="urn:my:subject:position-coord" DataType="urn:ogc:def:dataType:geoxacml:1.0:geometry" />
</Apply>
</Apply>
<!--
  Event constraint: the custom function visible-at receives the event name
  "criticalPatient", the subject's position and the subject-id.
  The subject-id designator here has no SubjectCategory, so it reads the default
  access-subject category, whereas the Policy target matches subject-id in the
  recipient-subject category.
  NOTE(review): the AttributeId "...:subject-category:subject-id" is not the
  subject-id identifier defined by the XACML specification
  ("urn:oasis:names:tc:xacml:1.0:subject:subject-id"); confirm the context
  handler supplies it under this name, and that position-coord and the event
  state come from trusted sources, since this rule grants the role on them alone.
-->
<Apply FunctionId="urn:my:function:event:visible-at">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">criticalPatient</AttributeValue>
<Apply FunctionId="urn:my:function:spatial:geometryAttribute-one-and-only">
<SubjectAttributeDesignator AttributeId="urn:my:subject:position-coord" DataType="urn:ogc:def:dataType:geoxacml:1.0:geometry" />
</Apply>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
<SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject-category:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" />
</Apply>
</Apply>
</Apply>
</Condition>
</Rule>
</Policy>
