I'm starting the work on https://issues.apache.org/jira/browse/JUDDI-558 and was looking for some suggestions.
Basically I'm trying to build a pluggable Authorization engine that has a bunch of methods to help facilitate access control decisions. UDDI is kind of unique in which we have both getXXXDetails and find_XXX with paging. Right now, i'm just working on defining what the API looks like. In the process of doing so, I was also attempting to apply the changes in parallel to the inquiry service. getXXXdetails is easy a relatively easy to implement function find_XXX is a bit more difficult. From the Inquiry API Impl, I can insert a "Filter" method which removes all items that the requestor doesn't have at least read access to. This however requires updates to the ListDescription information which inevitability leads towards errors with paging through search results. Long story short, but I'm not sure if there's an easy way to incorporate access control filtering on queries. Any ideas?
