That's an interesting, and tricky, use case. Any reason why you'd deliver that decision from an external application, and not in a fixed policy datastream?
One approach occurs to me: have the external authorizing webservice return a XACML response to a query, then make the FESLPOLICY datastream an externally-managed datastream that points to your web service. This approach is pretty crude, and not without its problems, as I believe Fedora caches its policy evaluations.

A custom attribute finder might do the job, too. Here's the wiki page on how FeSL implements Policies:

https://wiki.duraspace.org/display/FEDORA36/FeSL+Authorization

You may be able to do more under the hood with the Sun XACML PDP evaluation engine API.

Ben's approach is even more direct, if you prefer to skip XACML altogether.

-- Scott

On 05/16/2013 11:17 AM, Stefano Cossu wrote:
> Hi there,
> My team and I are building a Fedora repository and we are starting to
> wrap our heads around FeSL and the XACML specifications.
>
> The repository we are building has to necessarily rely on an external
> application to apply some of its policies. The external application
> should be accessed via HTTP request with something like: "Can user John
> Doe read the EXIF data for image 12345ABC?" and receive a positive or
> negative outcome which will determine the result of the authorization
> policy. I have looked around on how to do this, but I'm not sure about
> how to approach the problem.
>
> Any suggestions?
>
> Thanks
> Stefano
>
> _______________________________________________
> Fedora-commons-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users

--
Scott Prater
Shared Development Group
General Library System
University of Wisconsin - Madison
[email protected]
5-5415
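The first approach above has the external service answer with a XACML response. As an added example (not from this thread or from Fedora), this sketches that service side in Python and reports backend errors as Indeterminate so a failure is never read as a permit. It assumes the XACML 2.0 context namespace; `backend_allows`, the sample grants and the action name `read-exif` are hypothetical.

```python
import xml.etree.ElementTree as ET

XACML_CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os"  # assumed version
STATUS_OK = "urn:oasis:names:tc:xacml:1.0:status:ok"
STATUS_ERR = "urn:oasis:names:tc:xacml:1.0:status:processing-error"

# Constructed sample grants standing in for the external application's data.
GRANTS = {("John Doe", "read-exif", "12345ABC")}


def backend_allows(user, action, resource):
    """Hypothetical yes/no lookup; raises if the query is incomplete."""
    if not (user and action and resource):
        raise ValueError("incomplete authorization query")
    return (user, action, resource) in GRANTS


def xacml_response(user, action, resource, decide=backend_allows):
    """Wrap the yes/no outcome in a XACML response context document."""
    try:
        decision = "Permit" if decide(user, action, resource) else "Deny"
        status = STATUS_OK
    except Exception:
        # Fail closed: an error is reported as Indeterminate, never Permit.
        decision, status = "Indeterminate", STATUS_ERR
    ET.register_namespace("", XACML_CTX)
    response = ET.Element(f"{{{XACML_CTX}}}Response")
    # ElementTree escapes the attribute value, so odd identifiers stay inert.
    result = ET.SubElement(response, f"{{{XACML_CTX}}}Result",
                           {"ResourceId": resource or ""})
    ET.SubElement(result, f"{{{XACML_CTX}}}Decision").text = decision
    st = ET.SubElement(result, f"{{{XACML_CTX}}}Status")
    ET.SubElement(st, f"{{{XACML_CTX}}}StatusCode", {"Value": status})
    return ET.tostring(response, encoding="unicode")


def read_decision(xml_text):
    """Caller side: anything other than an explicit Permit is a denial."""
    root = ET.fromstring(xml_text)
    node = root.find(f"{{{XACML_CTX}}}Result/{{{XACML_CTX}}}Decision")
    return node is not None and node.text == "Permit"
```

Because Fedora may cache policy evaluations, as noted in the reply, a revoked grant in the external application may not take effect immediately on the repository side.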
