Hi Shawn,

Do you have any plans to introduce permission object attributes? At this moment I see in LDAP that "ftObjNm" can have a child with "ftOpNm". Perhaps it is also possible to have other children like "ftAttNm" and allow it to map the roles attribute inside those objects.

Anyway, I only want to know what is inside your head about this feature enhancement in the future. The motivation for my question is that when a specific user (registered at Fortress) asks for the object from Fortress, Fortress could answer with these possibilities:

a. Access denied because the user doesn't have permission to see the object.
b. Access granted; the object and attributes are given, but only for the attributes that are mapped to his role.
c. Access granted, but since no attribute is mapped, only the object is returned.

Do you have any links or resources that I can read regarding this requirement? I forget the document number for the standard combining RBAC and ABAC.

Regards,
Yudhi Karunia Surtan
