Forgive my slowness in putting these concepts together, but I might need some more hints on how to write a custom filter.
What I need is to pass:
- a user ID (the current Fedora user)
- an action name (a Fedora/external app mapped action, or a CRUD action)
- a resource ID (a field in a datastream in the Fedora object being accessed, referring to a Pkey in the external app)
- a datastream ID (specific datastream or field being accessed by the Fedora user)
to my external API (along with a username/pass for Fedora to access that API). I should get back a "permit", "deny", "not applicable" or "indeterminate" response from the external API and use that as a policy result - which I might then have to combine with other Fedora-specific policies. How can I create a request with those data in Fedora? Do I have to create a new Java class and refer to it in config-pdp?

Thanks,
s

> Message: 1
> Date: Thu, 16 May 2013 12:24:17 -0400
> From: Benjamin Armintor <[email protected]>
> Subject: Re: [fcrepo-user] Two authorization questions
> To: "Support and info exchange list for Fedora users."
>     <[email protected]>
> Message-ID:
>     <cadqq8tpt0kduo-4bs_+ediqpd0+okolvwmm9v9jvahzneyh...@mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Stefano-
> Depending on how much you need to have both XACML and the external
> authorization, you could probably just implement alternative authorization
> filters and wire them into the Spring configuration. With a couple of
> noteworthy exceptions, FESL expects the filters to do the authZ work (and
> deal directly with the XACML machinery).
>
> - Ben
>
> On Thu, May 16, 2013 at 12:17 PM, Stefano Cossu <[email protected]> wrote:
>
>> Hi there,
>> My team and I are building a Fedora repository and we are starting to
>> wrap our heads around FeSL and the XACML specifications.
>>
>> The repository we are building has to necessarily rely on an external
>> application to apply some of its policies. The external application
>> should be accessed via HTTP request with something like: "Can user John
>> Doe read the EXIF data for image 12345ABC?" and receive a positive or
>> negative outcome which will determine the result of the authorization
>> policy. I have looked around on how to do this, but I'm not sure about
>> how to approach the problem.
>>
>> Any suggestions?
>>
>> Thanks
>> Stefano
>>
>> ------------------------------------------------------------------------------
>> AlienVault Unified Security Management (USM) platform delivers complete
>> security visibility with the essential security capabilities. Easily and
>> efficiently configure, manage, and operate all of your security controls
>> from a single console and one unified framework. Download a free trial.
>> http://p.sf.net/sfu/alienvault_d2d
>> _______________________________________________
>> Fedora-commons-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
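
The external decision call described in the message above, as an added example that is not part of the thread and is not Fedora or FESL code. The class name, endpoint URL, form parameter names and the plain-text response body are assumptions; it uses the Java 11+ `java.net.http` client and maps every failure to "indeterminate" so a calling filter can fail closed.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.*;

public class ExternalAuthzClient {          // hypothetical class name
    public enum Decision { PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE }
    private final HttpClient http =
            HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(3)).build();
    private final String endpoint, basicAuth;   // endpoint: assumed HTTPS URL of the external API

    public ExternalAuthzClient(String endpoint, String apiUser, String apiPass) {
        this.endpoint = endpoint;
        this.basicAuth = "Basic " + Base64.getEncoder()
                .encodeToString((apiUser + ":" + apiPass).getBytes(StandardCharsets.UTF_8));
    }
    private static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
    // Anything other than HTTP 200 with a recognised body is INDETERMINATE.
    static Decision parse(int status, String body) {
        if (status != 200 || body == null) return Decision.INDETERMINATE;
        switch (body.trim().toLowerCase(Locale.ROOT)) {
            case "permit": return Decision.PERMIT;
            case "deny": return Decision.DENY;
            case "not applicable": return Decision.NOT_APPLICABLE;
            default: return Decision.INDETERMINATE;
        }
    }

    public Decision decide(String userId, String action, String resourceId, String dsId) {
        // Parameter names are assumptions; values are URL-encoded so an ID cannot add fields.
        String form = "user=" + enc(userId) + "&action=" + enc(action)
                + "&resource=" + enc(resourceId) + "&datastream=" + enc(dsId);
        HttpRequest req = HttpRequest.newBuilder(URI.create(endpoint)).timeout(Duration.ofSeconds(5))
                .header("Authorization", basicAuth)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form)).build();
        try {
            HttpResponse<String> resp = http.send(req, HttpResponse.BodyHandlers.ofString());
            return parse(resp.statusCode(), resp.body());
        } catch (IOException | InterruptedException e) {   // timeout, TLS failure, refused connection
            if (e instanceof InterruptedException) Thread.currentThread().interrupt();
            return Decision.INDETERMINATE;
        }
    }
    // Fail closed: the calling filter lets the request through only on an explicit PERMIT.
    public static boolean allow(Decision d) { return d == Decision.PERMIT; }
}
```

A filter wired into the Spring configuration, as suggested in the quoted reply, would call `decide(...)` with the four values and reject the request unless `allow(...)` returns true.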
