...
| ID | Data Type | Source | In Request? | Notes |
|---|---|---|---|---|
urn:oasis:names:tc:xacml:1.0:resource:resource-id | string | Fedora path | Yes | The full Fedora path to the node resource or propery (with extra hierarchy compressed away) |
| ||||
urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self | ||||
fcrepo-xacml:resource-parent | string | Fedora path | Yes | Path of the parent of the resource (always an existing noderesource, in session if not saved to workspace) |
urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor | ||||
fcrepo-xacml:resource-workspace | string | ModeShape session | Yes | Name of the workspace |
urn:oasis:names:tc:xacml:1.0:resource:scope | string | AuthZ Delegate | Yes | If the action impacts child nodesresources, then value will be "Descendants", otherwise it will be "Immediate". A "remove" is an example of such an action.‡ |
...
There are many RDF predicates that are available in the graph for Fedora objects and datastreamsresources. These include numerous properties like mime-type, datastream binary size, and even checksum. Without trying to predict which of these will be useful in policies, Fedora XACML can reference any predicate URI as a resource attribute ID.
...