<AccessControl> element is the root of an XML-based access control policy that prevents access to a resource unless the user's session satisfies the policy. It's a simple, boolean-capable language provided as an example of how to implement an access control plugin.
Any one (and only one) of the following elements can appear:
A single access rule to enforce.
A single regular expression access rule to enforce.
An operator for combining any number of rules or operators with a disjunction.
An operator for combining any number of rules or operators with a conjunction.
An operator for reversing the meaning of a single rule or operator.
The example below would enforce a policy that allows only Ohio State faculty or students, other than a single blacklisted person, if they have authenticated with a password or a time-synchronized token.