<?xml version=“1.0” encoding=“UTF-8”?> <Policy xmlns=“urn:oasis:names:tc:xacml:1.0:policy”

      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      PolicyId="deny-purge"
      RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
<Description>deny any object or datastream purging except for those in the legacy namespaces</Description>
<Target>
  <Subjects>
    <AnySubject/>
  </Subjects>
  <Resources>
    <AnyResource/>
  </Resources>
  <Actions>
    <Action>
      <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:fedora:names:fedora:2.1:action:id-purgeObject</AttributeValue>
        <ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string"
          AttributeId="urn:fedora:names:fedora:2.1:action:id"/>
      </ActionMatch>
    </Action>
    <Action>
      <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:fedora:names:fedora:2.1:action:id-purgeDatastream</AttributeValue>
        <ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string"
          AttributeId="urn:fedora:names:fedora:2.1:action:id"/>
      </ActionMatch>
    </Action>
  </Actions>
</Target>
<Rule RuleId="1" Effect="Deny" />

</Policy>