Skip to main content

The most recent patch for this version is 1.15.1.  Learn more  

Version: 1.15

XML-format request samples

This page contains the XML-format request message body samples that are referred to in the Example section of the Authorization decisions page.

Permit

Copy this content to a new file named request_permit.xml to use it in the authorization decision example.

<?xml version="1.0" encoding="UTF-8"?>
<xacml-ctx:Request ReturnPolicyIdList="true" CombinedDecision="false"
  xmlns:xacml-ctx="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
  <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
    <xacml-ctx:Attribute AttributeId="role" IncludeInResult="true">
      <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">employee</xacml-ctx:AttributeValue>
    </xacml-ctx:Attribute>
  </xacml-ctx:Attributes>
  <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
    <xacml-ctx:Attribute AttributeId="document_id" IncludeInResult="true">
      <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">companypolicy</xacml-ctx:AttributeValue>
    </xacml-ctx:Attribute>
  </xacml-ctx:Attributes>
  <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
    <xacml-ctx:Attribute AttributeId="idaction" IncludeInResult="true">
      <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">view</xacml-ctx:AttributeValue>
    </xacml-ctx:Attribute>
  </xacml-ctx:Attributes>
  <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
    <xacml-ctx:Attribute AttributeId="isAllowed" IncludeInResult="true">
      <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#boolean">true</xacml-ctx:AttributeValue>
    </xacml-ctx:Attribute>
  </xacml-ctx:Attributes>
</xacml-ctx:Request>

Deny

Copy this content to a new file named request_deny.xml to use it in the authorization decision example.

<?xml version="1.0" encoding="UTF-8"?>
<xacml-ctx:Request ReturnPolicyIdList="true" CombinedDecision="false"
  xmlns:xacml-ctx="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
  <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
    <xacml-ctx:Attribute AttributeId="role" IncludeInResult="true">
      <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">consultant</xacml-ctx:AttributeValue>
    </xacml-ctx:Attribute>
  </xacml-ctx:Attributes>
  <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
    <xacml-ctx:Attribute AttributeId="document_id" IncludeInResult="true">
      <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">companypolicy</xacml-ctx:AttributeValue>
    </xacml-ctx:Attribute>
  </xacml-ctx:Attributes>
  <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
    <xacml-ctx:Attribute AttributeId="idaction" IncludeInResult="true">
      <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">view</xacml-ctx:AttributeValue>
    </xacml-ctx:Attribute>
  </xacml-ctx:Attributes>
  <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
    <xacml-ctx:Attribute AttributeId="isAllowed" IncludeInResult="true">
      <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#boolean">false</xacml-ctx:AttributeValue>
    </xacml-ctx:Attribute>
  </xacml-ctx:Attributes>
</xacml-ctx:Request>

NotApplicable

Copy this content to a new file named request_notapplicable.xml to use it in the authorization decision example.

<?xml version="1.0" encoding="UTF-8"?>
<xacml-ctx:Request ReturnPolicyIdList="true" CombinedDecision="false"
  xmlns:xacml-ctx="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
  <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:1.0:attribute-category:environment">
    <xacml-ctx:Attribute AttributeId="isAllowed" IncludeInResult="true">
      <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#boolean">false</xacml-ctx:AttributeValue>
    </xacml-ctx:Attribute>
  </xacml-ctx:Attributes>
</xacml-ctx:Request>

Indeterminate

Copy this content to a new file named request_indeterminate.xml to use it in the authorization decision example.

<?xml version="1.0" encoding="UTF-8"?>
<xacml-ctx:Request ReturnPolicyIdList="true" CombinedDecision="false"
  xmlns:xacml-ctx="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
  <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
    <xacml-ctx:Attribute AttributeId="role" IncludeInResult="true">
      <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">employee</xacml-ctx:AttributeValue>
    </xacml-ctx:Attribute>
  </xacml-ctx:Attributes>
  <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
    <xacml-ctx:Attribute AttributeId="document_id" IncludeInResult="true">
      <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">companypolicy</xacml-ctx:AttributeValue>
    </xacml-ctx:Attribute>
  </xacml-ctx:Attributes>
  <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
    <xacml-ctx:Attribute AttributeId="idaction" IncludeInResult="true">
      <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">view</xacml-ctx:AttributeValue>
    </xacml-ctx:Attribute>
  </xacml-ctx:Attributes>
  <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment">
    <xacml-ctx:Attribute AttributeId="isAllowed" IncludeInResult="true">
      <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">false</xacml-ctx:AttributeValue>
    </xacml-ctx:Attribute>
    <xacml-ctx:Attribute AttributeId="isAllowed" IncludeInResult="true">
      <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[]</xacml-ctx:AttributeValue>
    </xacml-ctx:Attribute>
  </xacml-ctx:Attributes>
</xacml-ctx:Request>