Just an example of 'outside ML' access control. My ML app uses an in-house web service which is used for authentication across all corporate applications. I use basic ML authentication to provide the login page with just enough privs to run (script but no DB access) then use a simple POST command to our corp intranet web service, which validates the login against some magic black-box business rules and returns a session ID. I then do an xdmp:login to a more privileged user and am on my merry way
---------------------------------------- David A. Lee Senior Principal Software Engineer Epocrates, Inc. [email protected] 812-482-5224 -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Geert Josten Sent: Thursday, November 25, 2010 2:16 AM To: General MarkLogic Developer Discussion Subject: Re: [MarkLogic Dev General] Attribute Based Access Control Hi Dennis, MarkLogic Server supports only role-based access control, but you can superimpose your own access control model if you like. On the other hand, it is not uncommon that authentication and access control is essentially managed outside of MarkLogic Server alltogether. Instead, it can be managed in a Java or .Net application layer on top op MarkLogic Server for instance. I expect there are readily available solutions for those languages. I am not sure about implementations in MarkLogic or plain Xquery.. Anyone? Kind regards, Geert > drs. G.P.H. (Geert) Josten Consultant Daidalos BV Hoekeindsehof 1-4 2665 JZ Bleiswijk T +31 (0)10 850 1200 F +31 (0)10 850 1199 mailto:[email protected] http://www.daidalos.nl/ KvK 27164984 De informatie - verzonden in of met dit e-mailbericht - is afkomstig van Daidalos BV en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onbedoeld hebt ontvangen, verzoeken wij u het te verwijderen. Aan dit bericht kunnen geen rechten worden ontleend. > From: [email protected] > [mailto:[email protected]] On Behalf Of Dennis > Sent: woensdag 24 november 2010 23:16 > To: [email protected] > Subject: [MarkLogic Dev General] Attribute Based Access Control > > > Hello, > > I am new to the group and have a question related to the > ability of MarkLogic to implement an Attribute-Based Access > Control (ABAC) mechanism. > > I see support for the Role-based access, but I do not see > support for the ABAC mechanism. > > Are there any links to which I can be directed for an ABAC solution? > > Thank You > > > > > "Lead, follow or get out of the way" - Thomas Paine ( U.S. > Founding Father 1737-1809 ) > > _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
