XML Access Control

Access control can be specified on XML document elements via an embedded child element:

<foo a="1" b="2">

     <AC:access-control realm="bar" match="@*">

          <AC:Allow entity="Joe" read="1" write="1" edit="1" delete="0"

                       container-inherit="1" inherit-only="0" no-propagate="1"/>

          <AC:Deny entity="Users" write="1" delete="1" />

          <AC:Audit entity="World" access="Success Failure" access="-1" />

    </AC:access-control>

</foo>

xmlns:AC = http://www.openhealth.org/AccessControl

AC:access-control defines an access control list

       attribute "realm" defines the realm of the access control

       attribute "match" defines an XPath pattern on which the ACL applies (default = ".")

       element "Allow" creates an access control allowed entry

       element "Deny" creates an access control denied entry

       element "Audit" creates an access control audit entry

              attribute "entity" defines the user or group to which the ACL applies

              attribute token defines the access control

Jonathan Borden

http://www.openhealth.org

September 26, 2000