Hi Maarten
Are you using FeSL Authorization?
Some example files would probably be useful to understand what you're trying
to achieve here. As far as I can tell from your email, Datastream 4 in
Object A is the POLICY datastream, and this is an "E" (external) datastream,
and you want this to be dynamically generated using XSLT - is that correct?
Regards
Steve
-----Original Message-----
From: UB Mailing Subscription [mailto:ubmailsubscript...@gmail.com]
Sent: 11 October 2010 14:19
To: fedora-commons-users@lists.sourceforge.net
Cc: j.odeker...@maastrichtuniversity.nl; m.seeg...@maastrichtuniversity.nl
Subject: [fcrepo-user] Help required on dynamic policy streams (using
xsltstylesheet)
Dear all,
Within a Fedora 3.4 installation, I would like to enforce object policies in
an external referenced datastream. When I implement this, things work fine
if the referenced datastream from object A is referencing to a xml
datastream in another object B, which contains correct XACML.
Next, I want to change the static XACML to be dynamic, depending on a xml
value in another datastream in object A. In my case, this is a date after
which the policy must be less strict than before this date.
The objective of the policies in object B is to protect access to the
managed content stream of object A.
What objects did I create (next to the objects of being able to apply the
stylesheet to an xml datastream)?
- Object A
+ Datastream 1: xml (containing date variable)
+ Datastream 2: stylesheet
+ Datastream 3: serviceDefinition
+ Datastream 4: external reference to URL, applying stylesheet to xml
datastream
+ Datastream 5: managed content(e.g. pdf file)
- Object B
+ Datastream 1: xml (XACML policy 1)
+ Datastream 2: xml (XACML policy 2)
+ Datastream 3: xml (XACML policy 3)
What happens?
When I disable policy enforcement in the fedora.fcfg file, the URL of the
policy datastream of object A gives me correct XACML in xml format, exactly
the same as a static link to an object B datastream. So the stylesheet and
the service work fine, the resulting XACML is indeed depending on the date
in datastream 1 of object A.
When I enable policy enforcement, I can not access any datastream anymore in
object A, whereas the policy only blocks access to the managed content
datastream, even if I remove all global policy files from their location in
the Fedora default dir and restart tomcat.
Question: Is the approach of dynamic policies like described above possible?
If yes, what am I doing wrong? If requested, I can send example xml, xslt
and xacml files. If no, are there any other options to get this desired
protection behaviour of Fedora?
Any suggestions are welcome,
Regards,
Maarten Seegers
Maastricht University
The Netherlands
------------------------------------------------------------------------------
Download new Adobe(R) Flash(R) Builder(TM) 4
The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly
Flex(R) Builder(TM)) enable the development of rich applications that run
across multiple browsers and platforms. Download your free trials today!
http://p.sf.net/sfu/adobe-dev2dev
_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
