Hi Tomasz

Basing policies directly on XML content (and restricting access to XML
content) is part of the XACML 2.0 spec as part of the Hierarchical Resource
Profile -
http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-hier-profile-spec-os.pdf

However this is not implemented in FeSL (it would be interesting to know if
there's a general need for this).

It is possible to define XACML Resource attributes based on object and
datastream properties that are specified in RELS-EXT and RELS-INT
datastreams - the configuration for this is in
$FEDORA_HOME/pdp/conf/config-attribute-finder.xml - so if you can get your
attributes into RELS-EXT/RELS-INT then maybe this is a solution.

The functionality of this has been enhanced for Fedora 3.5, some draft
documentation for this is at
https://wiki.duraspace.org/display/FEDORADEV/FeSL+Authorization - this may
help you as the basic simple relationship-based attributes are present in
Fedora 3.4.

FYI there's also some draft documentation on installation for 3.5 at
https://wiki.duraspace.org/display/FEDORADEV/FeSL+Installation; feedback
welcomed on both of these.

Steve

> -----Original Message-----
> From: Tomasz Cielecki [mailto:tom...@ostebaronen.dk] 
> Sent: 30 May 2011 14:29
> To: fedora-commons-users@lists.sourceforge.net
> Subject: [fcrepo-user] Using information from datastreams to create FeSL policies.
> 
> 
> Hello fcrepo-users,
> 
> I find it a bit hard to understand how to write policies for 
> FeSL to authorize against attributes found in an object's data stream.
> 
> For instance I have an object called note:1 which has the DC 
> record, a RELS-EXT record and a data stream called content, 
> whose content is in XML format.
> 
> Is it possible to access data stored in the content data 
> stream through a policy? For instance I want to access an 
> organization id stored in that content data stream, which I 
> want to match against a user's attributes to see if the user 
> is allowed to access that object and its related objects.
> 
> Maybe the attributes should be placed elsewhere? How do I access them?
> 
> If you could be so kind to give me some examples to work with 
> as I find the ones in the wiki lacking or maybe I am 
> understanding them incorrectly.
> 
> -- 
> With Best Regards
> Tomasz Cielecki
> 


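The RELS-EXT approach described in the reply, written out as an XACML 2.0 policy. This is an added example, not part of the original thread and not taken from the FeSL documentation. The PolicyId, the RuleIds and both AttributeIds are hypothetical; it assumes the organization id is stored in RELS-EXT as a string literal and that config-attribute-finder.xml exposes that property as a Resource attribute under the id used here.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. All identifiers below are hypothetical placeholders. -->
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
        PolicyId="example:policy:organization-match"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
  <Description>
    Permit access only when one of the user's organization ids equals
    the organization id recorded for the object in RELS-EXT.
  </Description>

  <!-- An empty Target matches every request. Narrow it (for example by
       resource or action) before combining this with other policies. -->
  <Target/>

  <Rule RuleId="example:rule:same-organization" Effect="Permit">
    <Condition>
      <!-- Both designators return bags. The function is true when the
           two bags share at least one value. A missing attribute gives
           an empty bag, so the rule does not apply and the Deny rule
           below decides. -->
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of">
        <!-- Hypothetical user attribute supplied at login -->
        <SubjectAttributeDesignator
            AttributeId="example:subject:organizationId"
            DataType="http://www.w3.org/2001/XMLSchema#string"/>
        <!-- Hypothetical RELS-EXT property exposed by the attribute finder -->
        <ResourceAttributeDesignator
            AttributeId="http://example.org/relations#organizationId"
            DataType="http://www.w3.org/2001/XMLSchema#string"/>
      </Apply>
    </Condition>
  </Rule>

  <!-- Fail closed: anything the Permit rule did not match is denied. -->
  <Rule RuleId="example:rule:deny-otherwise" Effect="Deny"/>
</Policy>
```

If the RELS-EXT value is a resource URI rather than a literal, the DataType and comparison function have to be changed to match.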