Hi Michael,
I wish to build a fresh ACL for the RBAC. As Bell suggested a wish-list, I am proposing one as follows (this is not yet final!). Any XML expert can give me suggestions or directions to further proceed from here.
RBAC Contents store: The new RBAC will have the contents as XML files for each of the following:
a) Modules - containing the name of the gateways installed.
b) Roles - containing the name of the role defined. Whenever the role is defined, a conf and extension need to be added to /etc/openssl/
c) Operation - containing only the name of the operation.
d) Script - containing the configuration, namely i) command name, ii) operation to bind script to, and iii) owner_arg - key serial of the request, certificate etc.
e) Rights or Access Control List (ACL) - Module, Operation, followed by one or more roles.
When each of them needs to be appended further to the already existing ones, I just go and add at the last. For ACL, I just want to have external references to each of the three things referred by. For this I am not sure, but I think it's possible. Any XML experts can please comment.
The aim of using XML is to reduce the effort of encoding to Base64 form and for future extensibility across a wide platform over the Internet.
Accessibility: When the event is fired, the script, while passing the module, script and certificate (only for https connection), will extract the role corresponding to the certificate or request serial and will check the corresponding module, operation and role from the access control list and, if there is one, return true to the RAServer script to carry on the operation. Otherwise, the permission will be denied.
For the above, I plan to use the perlSAX from libxml parser with XQuery.
I will come with a detailed plan with the tools in the next update.
Best Regards
Karthikeyan
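
The lookup described under "Accessibility", as an added example that is not part of the original message or of the project's code. It is written in Python rather than the planned Perl SAX/XQuery. The single-document layout, all element and attribute names, and the serials are assumptions, since the message defines no schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample store. The message plans one XML file per list and defines
# no schema, so the single document and every element/attribute name are assumptions.
STORE_XML = """<rbac>
  <modules><module name="ra"/><module name="pub"/></modules>
  <operations><operation name="approve_request"/><operation name="view_request"/></operations>
  <roles>
    <role name="RA Operator"><serial>1A2B</serial></role>
    <role name="User"><serial>3C4D</serial></role>
  </roles>
  <acl>
    <right module="ra" operation="approve_request"><role>RA Operator</role></right>
    <right module="pub" operation="view_request"><role>RA Operator</role><role>User</role></right>
  </acl>
</rbac>"""

def load_store(xml_text):
    """Parse the store; return (serial -> role, set of (module, operation, role))."""
    root = ET.fromstring(xml_text)  # the store is trusted local configuration
    names = lambda path: {e.get("name") for e in root.iterfind(path)}
    modules, operations = names("modules/module"), names("operations/operation")
    roles = names("roles/role")
    serial_to_role = {}
    for role in root.iterfind("roles/role"):
        for serial in role.iterfind("serial"):
            key = (serial.text or "").strip()
            if not key or key in serial_to_role:  # a serial must resolve to exactly one role
                raise ValueError(f"empty or duplicate serial {key!r}")
            serial_to_role[key] = role.get("name")
    rights = set()
    for right in root.iterfind("acl/right"):
        module, operation = right.get("module"), right.get("operation")
        for entry in right.iterfind("role"):
            name = (entry.text or "").strip()
            # An ACL line may only reference entries defined in the other three lists.
            if module not in modules or operation not in operations or name not in roles:
                raise ValueError(f"dangling ACL reference: {module}/{operation}/{name}")
            rights.add((module, operation, name))
    return serial_to_role, rights

def is_allowed(store, module, operation, serial):
    """Default deny: True only if the serial maps to a role listed for (module, operation)."""
    serial_to_role, rights = store
    role = serial_to_role.get(serial)
    return role is not None and (module, operation, role) in rights
```

Validating references at load time means an ACL line naming an undefined module, operation or role fails loudly instead of silently never matching.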