Regarding the combination algorithm, I would suggest keeping things as simple as possible, otherwise the repository would be very difficult to maintain in the long run. For example, if the default policy of the system is to "deny" all, you can have a policy for "student" role to "permit" access to certain things and another policy for "teacher" role to "permit" access to other things. Hence if someone has both student and teacher roles, he/she would be able to access both of what student and teacher roles are permitted to do. The subtle point here is that I would try to avoid creating policies for students or teachers to "deny" things since that's where you would need to resolve the conflict via a combination algorithm if someone is both a teacher and a student.
-chi

Nishen Naidoo wrote:
> Hi Julie,
>
> The following snippet is the correct one:
>
> <user name="dlibTest" password="xxxxx">
>   <attribute name="fedoraRole">
>     <value>student</value>
>     <value>teacher</value>
>   </attribute>
> </user>
>
> And you don't need to do anything to the XACML side of things as it is
> already configured to work with multiple roles...
>
> Thanks,
> Nish
>
> ------------------------------------------------------------------------
> Nishen Naidoo
> Research Coordinator
> Muradora Project Lead
> Macquarie E-Learning Centre of Excellence (MELCOE)
> MACQUARIE UNIVERSITY NSW 2109
>
> E-Mail: [email protected] <mailto:[email protected]>
> Phone: +61 (0)2 98506531
> Mobile: +61 (0)4 30006783
> Fax: +61 (0)2 98506527
> http://www.melcoe.mq.edu.au/
>
> CRICOS Provider No 00002J
>
> This message is intended for the addressee named and may contain
> confidential information. If you are not the intended recipient,
> please delete it and notify the sender. Views expressed in this
> message are those of the individual sender, and are not necessarily
> the views of MELCOE or Macquarie University.
>
> Julie Allinson wrote:
>> Hi all,
>>
>> We're trying to test whether Muradora can be configured to use
>> multiple roles, so that we can have a user who is both a student and
>> a member of a particular course, for example which would allow them
>> to see different collections of resources for their different roles.
>> We're trying this using fedora-users.xml for starters and am not sure
>> how to construct the XML.
>>
>> Are any of the following combinations correct? and has anybody done
>> any work on combining user roles like this (or any other way!) which
>> might help us (whether using Muradora or not). Is there a particular
>> combining algorithm needed for the XACML policies?
>>
>> <user name="dlibTest" password="xxxxx">
>>   <attribute name="fedoraRole">
>>     <value>student</value>
>>   </attribute>
>>   <attribute name="fedoraRole">
>>     <value>teacher</value>
>>   </attribute>
>> </user>
>>
>> and,
>>
>> <user name="dlibTest" password="xxxxx">
>>   <attribute name="fedoraRole">
>>     <value>student</value>
>>     <value>teacher</value>
>>   </attribute>
>> </user>
>>
>> and
>>
>> <user name="dlibTest" password="xxxxx">
>>   <attribute name="fedoraRole">
>>     <value>teacher</value>
>>   </attribute>
>> </user>
>> <user name="dlibTest" password="xxxxx">
>>   <attribute name="fedoraRole">
>>     <value>student</value>
>>   </attribute>
>> </user>
>>
>> Thanks!
>>
>> Julie
>>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> DRAMA mailing list
> [email protected]
> http://www.federation.org.au/cgi-bin/mailman/listinfo/drama
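The point made at the top of this message, as an added example that is not part of the original thread or of Muradora's code: with a default of deny and permit-only role policies, a user holding both roles gets the same decision under every combining algorithm, while a single role-level deny makes the algorithms disagree. The evaluator is a simplified stand-in for a XACML engine (no Indeterminate result, no targets or conditions), and the resource names are constructed.

```python
# Added illustration; role names follow the thread, resource names and
# the evaluator itself are constructed (this is not a XACML engine).
PERMIT, DENY, NA = "Permit", "Deny", "NotApplicable"
ALGORITHMS = ("deny-overrides", "permit-overrides", "first-applicable")

def policy(role, effect, resources):
    """Role policy: applies when the subject holds `role` and asks for one of `resources`."""
    def evaluate(roles, resource):
        return effect if role in roles and resource in resources else NA
    return evaluate

def combine(algorithm, decisions):
    """Combine per-policy decisions the way the named algorithm would."""
    applicable = [d for d in decisions if d != NA]
    if not applicable:
        return NA
    if algorithm == "deny-overrides":
        return DENY if DENY in applicable else PERMIT
    if algorithm == "permit-overrides":
        return PERMIT if PERMIT in applicable else DENY
    if algorithm == "first-applicable":
        return applicable[0]
    raise ValueError(f"unknown combining algorithm: {algorithm}")

def decide(policies, roles, resource, algorithm):
    result = combine(algorithm, [p(roles, resource) for p in policies])
    return DENY if result == NA else result  # system default: deny all

def outcomes(policies, roles, resource):
    """Decision under each combining algorithm, for comparison."""
    return {a: decide(policies, roles, resource, a) for a in ALGORITHMS}

# Permit-only role policies, as recommended in the message.
PERMIT_ONLY = [
    policy("student", PERMIT, {"course-readings"}),
    policy("teacher", PERMIT, {"exam-papers"}),
]
# Same set plus one role-level deny, the case the message advises against.
WITH_DENY = PERMIT_ONLY + [policy("student", DENY, {"exam-papers"})]

if __name__ == "__main__":
    both = {"student", "teacher"}  # the two fedoraRole values from the thread
    for label, policies in (("permit-only", PERMIT_ONLY), ("with deny", WITH_DENY)):
        for resource in ("course-readings", "exam-papers", "admin-console"):
            print(f"{label:12} {resource:16} {outcomes(policies, both, resource)}")
```
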
