entitlement.xml revision 4a5f76e173fa7e8164ad9743bcdae43b1b8075ca
2N/A<?xml version="1.0" encoding="UTF-8"?>
2N/A
2N/A<!--
2N/A DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
2N/A
2N/A Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
2N/A
2N/A The contents of this file are subject to the terms
2N/A of the Common Development and Distribution License
2N/A (the License). You may not use this file except in
2N/A compliance with the License.
2N/A
2N/A You can obtain a copy of the License at
2N/A https://opensso.dev.java.net/public/CDDLv1.0.html or
2N/A opensso/legal/CDDLv1.0.txt
2N/A See the License for the specific language governing
2N/A permission and limitations under the License.
2N/A
2N/A When distributing Covered Code, include this CDDL
2N/A Header Notice in each file and include the License file
2N/A at opensso/legal/CDDLv1.0.txt.
2N/A If applicable, add the following below the CDDL Header,
2N/A with the fields enclosed by brackets [] replaced by
2N/A your own identifying information:
2N/A "Portions Copyrighted [year] [name of copyright owner]"
2N/A
2N/A $Id: entitlement.xml,v 1.9 2010/01/07 00:19:12 veiming Exp $
2N/A
2N/A Portions copyright 2011-2014 ForgeRock AS.
2N/A-->
2N/A
2N/A<!DOCTYPE ServicesConfiguration
2N/A PUBLIC "=//iPlanet//Service Management Services (SMS) 1.0 DTD//EN"
2N/A "jar://com/sun/identity/sm/sms.dtd">
2N/A
2N/A<ServicesConfiguration>
2N/A <Service name="sunEntitlementService" version="1.0">
2N/A <Schema i18nFileName="" revisionNumber="20">
2N/A <Global>
2N/A <AttributeSchema name="usenewconsole"
2N/A type="single"
2N/A syntax="string"
2N/A i18nKey="">
2N/A <DefaultValues>
2N/A <Value></Value>
2N/A </DefaultValues>
2N/A </AttributeSchema>
2N/A <AttributeSchema name="migratedtoentitlementservice"
2N/A type="single"
2N/A syntax="boolean"
2N/A i18nKey="">
2N/A <DefaultValues>
2N/A <Value>true</Value>
2N/A </DefaultValues>
2N/A </AttributeSchema>
2N/A <AttributeSchema name="xacml-privilege-enabled"
2N/A type="single"
2N/A syntax="boolean"
2N/A i18nKey="">
2N/A <DefaultValues>
2N/A <Value>false</Value>
2N/A </DefaultValues>
2N/A </AttributeSchema>
2N/A <AttributeSchema name="evalThreadSize"
2N/A type="single"
2N/A syntax="number_range"
2N/A rangeStart="0" rangeEnd="200"
2N/A i18nKey="">
2N/A <DefaultValues>
2N/A <Value>10</Value>
2N/A </DefaultValues>
2N/A </AttributeSchema>
2N/A <AttributeSchema name="searchThreadSize"
2N/A type="single"
2N/A syntax="number_range"
2N/A rangeStart="0" rangeEnd="200"
2N/A i18nKey="">
2N/A <DefaultValues>
2N/A <Value>0</Value>
2N/A </DefaultValues>
2N/A </AttributeSchema>
2N/A <AttributeSchema name="policyCacheSize"
2N/A type="single"
2N/A syntax="number_range"
2N/A rangeStart="0" rangeEnd="2147483647"
2N/A i18nKey="">
2N/A <DefaultValues>
2N/A <Value>100000</Value>
2N/A </DefaultValues>
2N/A </AttributeSchema>
2N/A <AttributeSchema name="indexCacheSize"
2N/A type="single"
2N/A syntax="number_range"
2N/A rangeStart="0" rangeEnd="2147483647"
2N/A i18nKey="">
2N/A <DefaultValues>
2N/A <Value>100000</Value>
2N/A </DefaultValues>
2N/A </AttributeSchema>
2N/A
2N/A <!-- entitlement notification, Connection timeout in millisec,
2N/A max 5 mins -->
2N/A <AttributeSchema name="entitlement-notifier-conn-timeout"
2N/A type="single"
2N/A syntax="number_range"
2N/A rangeStart="0" rangeEnd="300000"
2N/A i18nKey="">
2N/A <DefaultValues>
2N/A <Value>1000</Value>
2N/A </DefaultValues>
2N/A </AttributeSchema>
2N/A <AttributeSchema name="entitlement-notifier-retries"
2N/A type="single"
2N/A syntax="number_range"
2N/A rangeStart="0" rangeEnd="50"
2N/A i18nKey="">
2N/A <DefaultValues>
2N/A <Value>3</Value>
2N/A </DefaultValues>
2N/A </AttributeSchema>
2N/A <!-- duration between retries in millisec, max 5 mins -->
2N/A <AttributeSchema name="entitlement-notifier-duration-between-retries"
2N/A type="single"
2N/A syntax="number_range"
2N/A rangeStart="0" rangeEnd="300000"
2N/A i18nKey="">
2N/A <DefaultValues>
2N/A <Value>1000</Value>
2N/A </DefaultValues>
2N/A </AttributeSchema>
2N/A
2N/A <!-- Privilege change notification
2N/A Connection timeout in millisec, max 5 mins -->
2N/A <AttributeSchema name="privilege-notifier-conn-timeout"
2N/A type="single"
2N/A syntax="number_range"
2N/A rangeStart="0" rangeEnd="300000"
2N/A i18nKey="">
2N/A <DefaultValues>
2N/A <Value>1000</Value>
2N/A </DefaultValues>
2N/A </AttributeSchema>
2N/A <AttributeSchema name="privilege-notifier-retries"
2N/A type="single"
2N/A syntax="number_range"
2N/A rangeStart="0" rangeEnd="50"
2N/A i18nKey="">
2N/A <DefaultValues>
2N/A <Value>3</Value>
</DefaultValues>
</AttributeSchema>
<!-- duration between retries in millisec, max 5 mins -->
<AttributeSchema name="privilege-notifier-duration-between-retries"
type="single"
syntax="number_range"
rangeStart="0" rangeEnd="300000"
i18nKey="">
<DefaultValues>
<Value>3000</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="privilege-notifier-threadpool-size"
type="single"
syntax="number_range"
rangeStart="0" rangeEnd="20"
i18nKey="">
<DefaultValues>
<Value>5</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="network-monitor-enabled"
type="single"
syntax="boolean"
i18nKey="">
<DefaultValues>
<Value>false</Value>
</DefaultValues>
</AttributeSchema>
<AttributeSchema name="listeners"
type="list"
syntax="string"
i18nKey="" />
<SubSchema name="applicationTypes" inheritance="multiple">
<SubSchema name="applicationType" inheritance="multiple">
<AttributeSchema name="applicationClassName"
type="single"
syntax="string"
i18nKey="" />
<AttributeSchema name="actions"
type="list"
syntax="string"
i18nKey="" />
<AttributeSchema name="searchIndexImpl"
type="single"
syntax="string"
i18nKey="" />
<AttributeSchema name="saveIndexImpl"
type="single"
syntax="string"
i18nKey="" />
<AttributeSchema name="resourceComparator"
type="single"
syntax="string"
i18nKey="" />
<AttributeSchema name="nonBooleanActionValues"
type="list"
syntax="string"
i18nKey="" />
</SubSchema>
</SubSchema>
</Global>
<Organization>
<SubSchema name="applications" inheritance="multiple">
<SubSchema name="application" inheritance="multiple">
<AttributeSchema name="applicationType"
type="single"
syntax="string"
i18nKey="" />
<AttributeSchema name="description"
type="single"
syntax="string"
i18nKey="" />
<AttributeSchema name="actions"
type="list"
syntax="string"
i18nKey="" />
<AttributeSchema name="resources"
type="list"
syntax="string"
i18nKey="" />
<AttributeSchema name="subjects"
type="list"
syntax="string"
i18nKey="" />
<AttributeSchema name="conditions"
type="list"
syntax="string"
i18nKey="" />
<AttributeSchema name="entitlementCombiner"
type="single"
syntax="string"
i18nKey="" />
<AttributeSchema name="searchIndexImpl"
type="single"
syntax="string"
i18nKey="" />
<AttributeSchema name="saveIndexImpl"
type="single"
syntax="string"
i18nKey="" />
<AttributeSchema name="resourceComparator"
type="single"
syntax="string"
i18nKey="" />
<AttributeSchema name="subjectAttributeNames"
type="list"
syntax="string"
i18nKey="" />
<AttributeSchema name="meta"
type="list"
syntax="string"
i18nKey="" />
</SubSchema>
</SubSchema>
<SubSchema name="subjectAttributesCollectors" inheritance="multiple">
<SubSchema name="OpenSSOSubjectAttributesCollector" inheritance="multiple">
<AttributeSchema name="class"
type="single"
syntax="string"
i18nKey="" />
<AttributeSchema name="groupMembershipSearchIndexEnabled"
type="single"
syntax="boolean"
i18nKey="" />
</SubSchema>
</SubSchema>
</Organization>
</Schema>
<Configuration>
<GlobalConfiguration>
<SubConfiguration name="applicationTypes" id="applicationTypes">
<SubConfiguration name="iPlanetAMWebAgentService"
id="applicationType">
<AttributeValuePair>
<Attribute name="actions" />
<Value>GET=true</Value>
<Value>POST=true</Value>
<Value>PUT=true</Value>
<Value>DELETE=true</Value>
<Value>HEAD=true</Value>
<Value>OPTIONS=true</Value>
<Value>PATCH=true</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="searchIndexImpl" />
<Value>org.forgerock.openam.entitlement.indextree.TreeSearchIndex</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="saveIndexImpl" />
<Value>org.forgerock.openam.entitlement.indextree.TreeSaveIndex</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resourceComparator" />
<Value>com.sun.identity.entitlement.URLResourceName</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="crestPolicyService" id="applicationType">
<AttributeValuePair>
<Attribute name="actions" />
<Value>CREATE=true</Value>
<Value>READ=true</Value>
<Value>UPDATE=true</Value>
<Value>DELETE=true</Value>
<Value>PATCH=true</Value>
<Value>ACTION=true</Value>
<Value>QUERY=true</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="searchIndexImpl" />
<Value>org.forgerock.openam.entitlement.indextree.TreeSearchIndex</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="saveIndexImpl" />
<Value>org.forgerock.openam.entitlement.indextree.TreeSaveIndex</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resourceComparator" />
<Value>com.sun.identity.entitlement.URLResourceName</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="sunIdentityServerDiscoveryService"
id="applicationType">
<AttributeValuePair>
<Attribute name="actions" />
<Value>LOOKUP=true</Value>
<Value>UPDATE=true</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="searchIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameSplitter</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="saveIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameIndexGenerator</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resourceComparator" />
<Value>com.sun.identity.entitlement.PrefixResourceName</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="sunIdentityServerLibertyPPService"
id="applicationType">
<AttributeValuePair>
<Attribute name="actions" />
<Value>QUERY_allow=true</Value>
<Value>QUERY_deny=false</Value>
<Value>QUERY_interactForValue=false</Value>
<Value>QUERY_interactForConsent=false</Value>
<Value>MODIFY_allow=true</Value>
<Value>MODIFY_deny=false</Value>
<Value>MODIFY_interactForValue=false</Value>
<Value>MODIFY_interactForConsent=false</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="nonBooleanActionValues" />
<Value>QUERY=deny,allow,interactForValue,interactForConsent</Value>
<Value>MODIFY=deny,allow,interactForValue,interactForConsent</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="searchIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameSplitter</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="saveIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameIndexGenerator</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resourceComparator" />
<Value>com.sun.identity.entitlement.PrefixResourceName</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="sunAMDelegationService"
id="applicationType">
<AttributeValuePair>
<Attribute name="actions" />
<Value>READ=true</Value>
<Value>MODIFY=true</Value>
<Value>DELEGATE=true</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="searchIndexImpl" />
<Value>com.sun.identity.entitlement.opensso.DelegationResourceNameSplitter</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="saveIndexImpl" />
<Value>com.sun.identity.entitlement.opensso.DelegationResourceNameIndexGenerator</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resourceComparator" />
<Value>com.sun.identity.entitlement.RegExResourceName</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="openProvisioning"
id="applicationType">
<AttributeValuePair>
<Attribute name="actions" />
<Value>CREATE=true</Value>
<Value>READ=true</Value>
<Value>UPDATE=true</Value>
<Value>DELETE=true</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="searchIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameSplitter</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="saveIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameIndexGenerator</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resourceComparator" />
<Value>com.sun.identity.entitlement.PrefixResourceName</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="banking"
id="applicationType">
<AttributeValuePair>
<Attribute name="actions" />
<Value>TRANSFER=true</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="searchIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameSplitter</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="saveIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameIndexGenerator</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resourceComparator" />
<Value>com.sun.identity.entitlement.ExactMatchResourceName</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="webservices"
id="applicationType">
<AttributeValuePair>
<Attribute name="applicationClassName" />
<Value>com.sun.identity.entitlement.WebServiceApplication</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="searchIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameSplitter</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="saveIndexImpl" />
<Value>com.sun.identity.entitlement.util.ResourceNameIndexGenerator</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resourceComparator" />
<Value>com.sun.identity.entitlement.URLResourceName</Value>
</AttributeValuePair>
</SubConfiguration>
</SubConfiguration>
</GlobalConfiguration>
<OrganizationConfiguration name="/">
<SubConfiguration name="registeredApplications"
id="applications">
<SubConfiguration name="iPlanetAMWebAgentService"
id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>iPlanetAMWebAgentService</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>http://*</Value>
<Value>https://*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="subjects" />
<Value>com.sun.identity.admin.model.IdRepoGroupViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoRoleViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoUserViewSubject</Value>
<Value>com.sun.identity.admin.model.VirtualViewSubject</Value>
<Value>com.sun.identity.admin.model.AttributeViewSubject</Value>
<Value>com.sun.identity.admin.model.OrViewSubject</Value>
<Value>com.sun.identity.admin.model.AndViewSubject</Value>
<Value>com.sun.identity.admin.model.NotViewSubject</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="conditions" />
<!--<Value>com.sun.identity.admin.model.ActiveSessionTimeCondition</Value>-->
<Value>dateRange</Value>
<Value>daysOfWeek</Value>
<Value>dnsName</Value>
<Value>ipRange</Value>
<Value>timeRange</Value>
<Value>timezone</Value>
<Value>or</Value>
<Value>and</Value>
<Value>not</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="crestPolicyService" id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>crestPolicyService</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>http://*</Value>
<Value>https://*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="subjects" />
<Value>com.sun.identity.admin.model.IdRepoGroupViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoRoleViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoUserViewSubject</Value>
<Value>com.sun.identity.admin.model.VirtualViewSubject</Value>
<Value>com.sun.identity.admin.model.AttributeViewSubject</Value>
<Value>com.sun.identity.admin.model.OrViewSubject</Value>
<Value>com.sun.identity.admin.model.AndViewSubject</Value>
<Value>com.sun.identity.admin.model.NotViewSubject</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="conditions" />
<Value>dateRange</Value>
<Value>daysOfWeek</Value>
<Value>dnsName</Value>
<Value>ipRange</Value>
<Value>timeRange</Value>
<Value>timezone</Value>
<Value>or</Value>
<Value>and</Value>
<Value>not</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="sunIdentityServerDiscoveryService"
id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>sunIdentityServerDiscoveryService</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>http://*</Value>
<Value>https://*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="subjects" />
<Value>com.sun.identity.admin.model.IdRepoGroupViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoRoleViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoUserViewSubject</Value>
<Value>com.sun.identity.admin.model.VirtualViewSubject</Value>
<Value>com.sun.identity.admin.model.AttributeViewSubject</Value>
<Value>com.sun.identity.admin.model.OrViewSubject</Value>
<Value>com.sun.identity.admin.model.AndViewSubject</Value>
<Value>com.sun.identity.admin.model.NotViewSubject</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="conditions" />
<!--<Value>com.sun.identity.admin.model.ActiveSessionTimeCondition</Value>-->
<Value>dateRange</Value>
<Value>daysOfWeek</Value>
<Value>dnsName</Value>
<Value>ipRange</Value>
<Value>timeRange</Value>
<Value>timezone</Value>
<Value>or</Value>
<Value>and</Value>
<Value>not</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="sunIdentityServerLibertyPPService"
id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>sunIdentityServerLibertyPPService</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="subjects" />
<Value>com.sun.identity.admin.model.IdRepoGroupViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoRoleViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoUserViewSubject</Value>
<Value>com.sun.identity.admin.model.VirtualViewSubject</Value>
<Value>com.sun.identity.admin.model.AttributeViewSubject</Value>
<Value>com.sun.identity.admin.model.OrViewSubject</Value>
<Value>com.sun.identity.admin.model.AndViewSubject</Value>
<Value>com.sun.identity.admin.model.NotViewSubject</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="conditions" />
<!--<Value>com.sun.identity.admin.model.ActiveSessionTimeCondition</Value>-->
<Value>dateRange</Value>
<Value>daysOfWeek</Value>
<Value>dnsName</Value>
<Value>ipRange</Value>
<Value>timeRange</Value>
<Value>timezone</Value>
<Value>or</Value>
<Value>and</Value>
<Value>not</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="sunAMDelegationService"
id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>sunAMDelegationService</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>sms://*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="subjects" />
<Value>com.sun.identity.admin.model.IdRepoUserViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoGroupViewSubject</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="openProvisioning"
id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>openProvisioning</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>/*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="paycheck"
id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>iPlanetAMWebAgentService</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>http://paycheck.sun.com:8081/*</Value>
<Value>http://paycheck.sun.com:8081/*/private</Value>
<Value>http://paycheck.sun.com:8081/*/users/*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="subjects" />
<Value>com.sun.identity.admin.model.IdRepoGroupViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoRoleViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoUserViewSubject</Value>
<Value>com.sun.identity.admin.model.VirtualViewSubject</Value>
<Value>com.sun.identity.admin.model.OrViewSubject</Value>
<Value>com.sun.identity.admin.model.AndViewSubject</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="conditions" />
<Value>dnsName</Value>
<Value>ipRange</Value>
<Value>or</Value>
<Value>and</Value>
<Value>not</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="calendar"
id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>iPlanetAMWebAgentService</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>http://calendar.sun.com/*</Value>
<Value>http://calendar.sun.com/my/*</Value>
<Value>http://calendar.sun.com/admin</Value>
<Value>http://calendar.sun.com/*/calendars?calId=*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="subjects" />
<Value>com.sun.identity.admin.model.IdRepoGroupViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoRoleViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoUserViewSubject</Value>
<Value>com.sun.identity.admin.model.VirtualViewSubject</Value>
<Value>com.sun.identity.admin.model.OrViewSubject</Value>
<Value>com.sun.identity.admin.model.NotViewSubject</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="conditions" />
<Value>dateRange</Value>
<Value>daysOfWeek</Value>
<Value>timeRange</Value>
<Value>timezone</Value>
<Value>or</Value>
<Value>and</Value>
<Value>not</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="im"
id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>iPlanetAMWebAgentService</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>http://im.sun.com/register</Value>
<Value>http://im.sun.com/im.jnlp</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="subjects" />
<Value>com.sun.identity.admin.model.IdRepoGroupViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoRoleViewSubject</Value>
<Value>com.sun.identity.admin.model.IdRepoUserViewSubject</Value>
<Value>com.sun.identity.admin.model.VirtualViewSubject</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="conditions" />
<Value>daysOfWeek</Value>
<Value>dnsName</Value>
<Value>ipRange</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
<SubConfiguration name="sunBank"
id="application">
<AttributeValuePair>
<Attribute name="applicationType" />
<Value>banking</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="resources" />
<Value>*</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="subjects" />
<Value>com.sun.identity.admin.model.BankingViewSubject</Value>
<Value>com.sun.identity.admin.model.VirtualViewSubject</Value>
<Value>com.sun.identity.admin.model.NotViewSubject</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="conditions" />
<Value>upperTransferLimit</Value>
<Value>lowerTransferLimit</Value>
<Value>anyTransferLimit</Value>
<Value>dateRange</Value>
<Value>daysOfWeek</Value>
<Value>timeRange</Value>
<Value>timezone</Value>
<Value>ipRange</Value>
<Value>or</Value>
<Value>and</Value>
<Value>not</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="entitlementCombiner" />
<Value>com.sun.identity.entitlement.DenyOverride</Value>
</AttributeValuePair>
</SubConfiguration>
</SubConfiguration>
<SubConfiguration name="subjectAttributesCollectors"
id="subjectAttributesCollectors">
<SubConfiguration name="OpenSSO"
id="OpenSSOSubjectAttributesCollector">
<AttributeValuePair>
<Attribute name="class" />
<Value>com.sun.identity.entitlement.opensso.OpenSSOSubjectAttributesCollector</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="groupMembershipSearchIndexEnabled" />
<Value>false</Value>
</AttributeValuePair>
</SubConfiguration>
</SubConfiguration>
</OrganizationConfiguration>
</Configuration>
</Service>
</ServicesConfiguration>