Hi Tomasz

At a high level I think what you are saying fits within XACML - though I'm not sure how much will be present within the current FeSL implementation.
It is possible to base policies on the content that is being added - for instance in the modifyDatastream method it is possible to restrict access based on the new value of MIMEType (instead of the existing value).

One thing we have not implemented yet is resource attributes based on datastream XML content - so the ability to restrict access based on node values in an XML datastream. I see no reason in principle why this couldn't be extended to cover also the XML content being added as well as the existing content (though I'm not sure of the implications on implementing this - especially how a Resource AttributeFinderModule would be set up to operate on the to-be-added content rather than the existing content).

And it is possible to construct policies comparing subject and resource attributes, so in theory it should be possible to compare your (subject) role with a role specified in the content to be added.

Would it be possible for you to describe in a little more detail your use case?

Regards
Steve

> -----Original Message-----
> From: Tomasz Cielecki [mailto:tom...@ostebaronen.dk]
> Sent: 25 July 2011 15:02
> To: Support and info exchange list for Fedora users.
> Subject: [fcrepo-user] Controlling values in objects on creation
>
> Hey fedora users,
>
> I think I got the hang of writing policies now but I want to
> know if it is possible to somehow control the values when,
> say, creating a new object called user in the database? For
> instance if I, the subject that wants to create a new object,
> only have the permission of creating a user with the same
> role as I have and roles that have less permissions than my role.
>
> Or another example. If a subject belonging to a specific
> organization is only allowed to create objects of the type
> note within his own organization?
>
> Is that even possible with an XACML policy?
>
> --
> With Best Regards
> Tomasz Cielecki
>
> _______________________________________________
> Fedora-commons-users mailing list
> Fedora-commons-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
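
The comparison discussed in this thread (a subject attribute checked against a value found in the XML content being added), modelled in Python as an added example; it is not part of the thread and is not FeSL or Fedora code. The role ranking, the element names `role` and `organization`, and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Hypothetical role ranking (higher = more permissions); not taken from Fedora or FeSL.
ROLE_RANK = {"guest": 0, "editor": 1, "manager": 2, "administrator": 3}

def resource_attributes(new_content):
    """Derive resource attributes from the content being added, the job an
    attribute finder working on to-be-added XML would do. A node that is
    missing, empty or repeated yields no attribute, so rules fail closed."""
    try:
        root = ET.fromstring(new_content)
    except ET.ParseError:
        return {}
    attrs = {"type": root.tag}
    for name in ("role", "organization"):
        nodes = root.findall(name)  # direct children only
        if len(nodes) == 1 and nodes[0].text and nodes[0].text.strip():
            attrs[name] = nodes[0].text.strip()
    return attrs

def decide(subject, new_content):
    """Return "Permit" or "Deny" for a create request; deny unless a rule matches."""
    res = resource_attributes(new_content)
    if res.get("type") == "user":
        # Rule 1: the new user's role must rank at or below the creator's role.
        s_rank = ROLE_RANK.get(subject.get("role"))
        r_rank = ROLE_RANK.get(res.get("role"))
        if s_rank is not None and r_rank is not None and r_rank <= s_rank:
            return "Permit"
    elif res.get("type") == "note":
        # Rule 2: a note may only be created inside the creator's organization.
        org = res.get("organization")
        if org is not None and org == subject.get("organization"):
            return "Permit"
    return "Deny"

# Constructed sample subject and requests (not real repository data).
EDITOR = {"role": "editor", "organization": "org-a"}
SAMPLES = [
    b"<user><role>guest</role></user>",
    b"<user><role>administrator</role></user>",
    b"<user><role>guest</role><role>administrator</role></user>",
    b"<note><organization>org-a</organization></note>",
    b"<note><organization>org-b</organization></note>",
]

if __name__ == "__main__":
    for doc in SAMPLES:
        print(doc.decode(), "->", decide(EDITOR, doc))
```

Treating a repeated `role` node as "no attribute" keeps a request from passing the check on one value while a later consumer reads the other.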