...
ID | Data Type | Source | In Request? | Notes |
---|---|---|---|---|
urn:oasis:names:tc:xacml:1.0:resource:resource-id | string | ModeShape path | Yes | The full modeshape path |
| URI | ModeShape path | Yes | Fedora graph subject URI for this node |
urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self | string | ModeShape path | Yes | Set of paths for this resource and its ancestors |
urn:oasis:names:tc:xacml:1.0:resource:resource-parent | string | ModeShape path | Yes | Path of the parent of the resource (always an existing node, in session if not saved to workspace) |
urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor | string | ModeShape path | Yes | Set of paths of all ancestor nodes |
urn:fedora:xacml:2.0:resource:resource-workspace | string | ModeShape session | Yes | Name of the workspace |
urn:oasis:names:tc:xacml:1.0:resource:scope | string | AuthZ Delegate | Yes | If the action impacts child nodes, then value will be "Descendants", otherwise it will be "Immediate". A "remove" is an example of such an action.‡ |
‡ Further research is needed to figure out the semantics of a ModeShape move operation and how policies shall be enforced.
Environment Attributes
ID | Data Type | Source | In Request? | Notes |
---|---|---|---|---|
urn:oasis:names:tc:xacml:1.0:environment:current-time | time | AuthZ Delegate | Yes | |
urn:oasis:names:tc:xacml:1.0:environment:current-date | date | AuthZ Delegate | Yes | |
urn:oasis:names:tc:xacml:1.0:environment:current-dateTime | dateTime | AuthZ Delegate | Yes |