<!--
       '$RCSfile: eml-access.dtd,v $'
       Copyright: 2000 Regents of the University of California and the
                  National Center for Ecological Analysis and Synthesis
     For Details: http://knb.ecoinformatics.org/

        '$Author: higgins $'
          '$Date: 2001-10-19 21:24:31 $'
      '$Revision: 1.15 $'

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-->
<!-- The root element represents a list of allow or deny records for 
       principals that should be either allowed or denied access to a resource. -->
<!ELEMENT acl (identifier+, (allow | deny)+)>
<!ATTLIST acl
  authSystem CDATA #REQUIRED
  order (allowFirst | denyFirst) "allowFirst"
>
<!-- The authentication system that this access file uses -->
<!-- The order in which the rules should be applied for this object -->
<!-- The public read access to this object -->
<!ELEMENT identifier (#PCDATA)>
<!ATTLIST identifier
  system CDATA #IMPLIED
>
<!-- an allow rule adds the listed permission for a particular principal -->
<!ELEMENT allow (principal+, permission+, duration?, ticketCount?)>
<!-- a deny rule removes the listed permission for a particular principal -->
<!ELEMENT deny (principal+, permission+, duration?, ticketCount?)>
<!-- the user/group in the authentication system to whom this rule applies -->
<!ELEMENT principal (#PCDATA)>
<!-- the permission to be allowed or denied (read/write/all) -->
<!ELEMENT permission (#PCDATA)>
<!-- the duration of the permission -->
<!ELEMENT temporalCov (sngdate | mdattim | rngdates)>
<!ELEMENT caldate (#PCDATA)>
<!ELEMENT time (#PCDATA)>
<!ELEMENT begdate (#PCDATA)>
<!ELEMENT begtime (#PCDATA)>
<!ELEMENT enddate (#PCDATA)>
<!ELEMENT endtime (#PCDATA)>
<!ELEMENT mdattim (sngdate+)>
<!ELEMENT rngdates (begdate, begtime?, enddate, endtime?)>
<!ELEMENT sngdate (caldate, time?) >
<!ELEMENT duration (temporalCov)>
<!-- the number of accesses allowed by this rule if access is granted -->
<!ELEMENT ticketCount (#PCDATA)>
<!-- EOF -->