-- XML schema extracted from ITU-T X.1143 (11/2007)
<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
http://www.itu.int/ITU-T/formal-language/xml/database/itu-t/x/x1142/2006/x1142-AnnD.2%20XACML%20policy%20schema.xsd"
PolicyId="urn:oasis:names:tc:example:Ex1"
RuleCombiningAlgId="identifier:rule-combining-algorithm:deny-overrides">
<Description>
Example message access control policy
</Description>
<Target/>
<Rule RuleId="urn:oasis:names:tc:xacml:2.0:example:Ex1" Effect="Permit">
<Description>
Only administrator can Reboot the system
</Description>
<Target>
<Subjects>
<Subject>
<SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
administrator
</AttributeValue>
<SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
</Subject>
</Subjects>
<Resources>
<Resource>
<ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">
http://localhost:8080/services/Reboot
</AttributeValue>
<ResourceAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#anyURI" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"/>
</ResourceMatch>
</Resource>
</Resources>
</Target>
</Rule>
</Policy>