|
1
|
<!--
|
|
2
|
'$RCSfile$'
|
|
3
|
Copyright: 2000 Regents of the University of California and the
|
|
4
|
National Center for Ecological Analysis and Synthesis
|
|
5
|
For Details: http://knb.ecoinformatics.org/
|
|
6
|
|
|
7
|
'$Author: jones $'
|
|
8
|
'$Date: 2001-10-22 09:46:55 -0700 (Mon, 22 Oct 2001) $'
|
|
9
|
'$Revision: 853 $'
|
|
10
|
|
|
11
|
This program is free software; you can redistribute it and/or modify
|
|
12
|
it under the terms of the GNU General Public License as published by
|
|
13
|
the Free Software Foundation; either version 2 of the License, or
|
|
14
|
(at your option) any later version.
|
|
15
|
|
|
16
|
This program is distributed in the hope that it will be useful,
|
|
17
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
18
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
19
|
GNU General Public License for more details.
|
|
20
|
|
|
21
|
You should have received a copy of the GNU General Public License
|
|
22
|
along with this program; if not, write to the Free Software
|
|
23
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
24
|
-->
|
|
25
|
<!-- The root element represents a list of allow or deny records for
|
|
26
|
principals that should be either allowed or denied access to a resource. -->
|
|
27
|
<!ELEMENT acl (identifier+, (allow | deny)+)>
|
|
28
|
<!ATTLIST acl
|
|
29
|
authSystem CDATA #REQUIRED
|
|
30
|
order (allowFirst | denyFirst) "allowFirst"
|
|
31
|
>
|
|
32
|
<!-- The authentication system that this access file uses -->
|
|
33
|
<!-- The order in which the rules should be applied for this object -->
|
|
34
|
<!-- The public read access to this object -->
|
|
35
|
<!ELEMENT identifier (#PCDATA)>
|
|
36
|
<!ATTLIST identifier
|
|
37
|
system CDATA #IMPLIED
|
|
38
|
>
|
|
39
|
<!-- an allow rule adds the listed permission for a particular principal -->
|
|
40
|
<!ELEMENT allow (principal+, permission+, duration?, ticketCount?)>
|
|
41
|
<!-- a deny rule removes the listed permission for a particular principal -->
|
|
42
|
<!ELEMENT deny (principal+, permission+, duration?, ticketCount?)>
|
|
43
|
<!-- the user/group in the authentication system to whom this rule applies -->
|
|
44
|
<!ELEMENT principal (#PCDATA)>
|
|
45
|
<!-- the permission to be allowed or denied (read/write/all) -->
|
|
46
|
<!ELEMENT permission (#PCDATA)>
|
|
47
|
<!-- the duration of the permission -->
|
|
48
|
<!ELEMENT temporalCov (sngdate | mdattim | rngdates)>
|
|
49
|
<!ELEMENT caldate (#PCDATA)>
|
|
50
|
<!ELEMENT time (#PCDATA)>
|
|
51
|
<!ELEMENT begdate (#PCDATA)>
|
|
52
|
<!ELEMENT begtime (#PCDATA)>
|
|
53
|
<!ELEMENT enddate (#PCDATA)>
|
|
54
|
<!ELEMENT endtime (#PCDATA)>
|
|
55
|
<!ELEMENT mdattim (sngdate+)>
|
|
56
|
<!ELEMENT rngdates (begdate, begtime?, enddate, endtime?)>
|
|
57
|
<!ELEMENT sngdate (caldate, time?) >
|
|
58
|
<!ELEMENT duration (temporalCov)>
|
|
59
|
<!-- the number of accesses allowed by this rule if access is granted -->
|
|
60
|
<!ELEMENT ticketCount (#PCDATA)>
|
|
61
|
<!-- EOF -->
|