Adding to Steve, in Fedora 3.5 it would be possible to implement an AttributeFinderModule that parsed object content and emitted properties based on it. I'll post some notes on that to the list next week.
On 5/31/11, Stephen Bayliss <stephen.bayl...@acuityunlimited.net> wrote:
> Hi Tomasz
>
> Basing policies directly on XML content (and restricting access to XML
> content) is part of the XACML 2.0 spec as part of the Hierarchical Resource
> Profile -
> http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-hier-profile-spec-os.pdf
>
> However this is not implemented in FeSL (it would be interesting to know if
> there's a general need for this).
>
> It is possible to define XACML Resource attributes based on object and
> datastream properties that are specified in RELS-EXT and RELS-INT
> datastreams - the configuration for this is in
> $FEDORA_HOME/pdp/conf/config-attribute-finder.xml - so if you can get your
> attributes into RELS-EXT/RELS-INT then maybe this is a solution.
>
> The functionality of this has been enhanced for Fedora 3.5, some draft
> documentation for this is at
> https://wiki.duraspace.org/display/FEDORADEV/FeSL+Authorization - this may
> help you as the basic simple relationship-based attributes are present in
> Fedora 3.4.
>
> FYI there's also some draft documentation on installation for 3.5 at
> https://wiki.duraspace.org/display/FEDORADEV/FeSL+Installation; feedback
> welcomed on both of these.
>
> Steve
>
>> -----Original Message-----
>> From: Tomasz Cielecki [mailto:tom...@ostebaronen.dk]
>> Sent: 30 May 2011 14:29
>> To: fedora-commons-users@lists.sourceforge.net
>> Subject: [fcrepo-user] Using information from datastreams to
>> create FeSL policies.
>>
>>
>> Hello fcrepo-users,
>>
>> I find it a bit hard to understand how to write policies for
>> FeSL to authorize against attributes found in an object's data stream.
>>
>> For instance I have an object called note:1 which has the DC
>> record, an RELS-EXT record and a data stream called content,
>> whose content is in XML format.
>>
>> Is it possible to access data stored in the content data
>> stream through a policy? For instance I want to access an
>> organization id stored in that content data stream, which I
>> want to match against a user's attributes to see if the user
>> is allowed to access that object and its related objects.
>>
>> Maybe the attributes should be placed elsewhere? How do I access them?
>>
>> If you could be so kind to give me some examples to work with
>> as I find the ones in the wiki lacking or maybe I am
>> understanding them incorrectly.
>>
>> --
>> With Best Regards
>> Tomasz Cielecki
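
Steve's suggestion of getting the attribute into RELS-EXT, as an added example that is not part of the original thread and not FeSL code: it reads the organization id from the content datastream XML and builds the RELS-EXT RDF that carries it. The element name organizationId, the http://example.org/ontology# predicate namespace and the sample document are assumptions; writing the result back to the repository and mapping the predicate in config-attribute-finder.xml are not shown.

```python
import re
import xml.etree.ElementTree as ET

RDF_NS = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
# Hypothetical predicate namespace; use the one your attribute finder is configured for.
ORG_NS = "http://example.org/ontology#"
# Assumed shape of a valid organization id; tighten to your own scheme.
ORG_ID_PATTERN = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Constructed sample of the "content" datastream of note:1.
SAMPLE_CONTENT = """<note>
  <organizationId>org-42</organizationId>
  <body>Quarterly figures</body>
</note>"""


def extract_org_id(content_xml):
    """Return the single organization id in the content XML, or raise ValueError."""
    if "<!DOCTYPE" in content_xml:
        # Content is user-supplied; refuse DTDs rather than expand entities.
        raise ValueError("DTDs are not accepted in content datastreams")
    root = ET.fromstring(content_xml)
    found = root.findall(".//organizationId")
    if len(found) != 1:
        # Zero or several ids is ambiguous for an access decision: fail closed.
        raise ValueError("expected exactly one organizationId, got %d" % len(found))
    value = (found[0].text or "").strip()
    if not ORG_ID_PATTERN.fullmatch(value):
        raise ValueError("organizationId has an unexpected format")
    return value


def build_rels_ext(pid, org_id):
    """Serialize a RELS-EXT RDF/XML document with the organization id as a literal."""
    ET.register_namespace("rdf", RDF_NS)
    ET.register_namespace("org", ORG_NS)
    rdf = ET.Element("{%s}RDF" % RDF_NS)
    desc = ET.SubElement(rdf, "{%s}Description" % RDF_NS,
                         {"{%s}about" % RDF_NS: "info:fedora/" + pid})
    ET.SubElement(desc, "{%s}organizationId" % ORG_NS).text = org_id
    return ET.tostring(rdf, encoding="unicode")


if __name__ == "__main__":
    print(build_rels_ext("note:1", extract_org_id(SAMPLE_CONTENT)))
```

A missing, duplicated or malformed id raises instead of producing an attribute that a policy would then trust.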