Hi Karthikeyan,

all my comments refer to the CVS head.

karthikeyan kk wrote:

RBAC Contents store: The new RBAC will have the contents as XML files for each of the following,

Done.


a) Modules - containing the name of the gateways installed.

This is not possible because the important thing is not the name of the module. The important thing is the module's ID. The module consists of two parameters: an ID and a description. You can install RA interfaces on different machines; only the module_id must differ.


b) Roles   -  containing the name of the role defined. Whenever the role is defined,
                  a conf and extension needed to be added to /etc/openssl/

Done.


c) Operation - containing only the name of the operation.

Done. The operations will be extracted from configuration of the commands.


d) Script - containing the configuration namely,
               i) command name, ii) operation to bind script to, and iii) owner_arg - key
                  serial of the request, certificate etc.

Done - works like the old mechanism but now the ACL is stored in an XML file.


e) Rights or Access Control List(ACL)- Module, Operation, followed by one or more roles.

Done.


The aim of using XML is to reduce the effort of encoding to Base64 form
and for future extensibility across a wide platform over the Internet.

This is one of the reasons why I don't like the old implementation. I want to update my configuration with a text editor and that's not possible if I use Base64.


For the above, I plan to use the perlSAX from libxml parser with XQuery.

OK, that's a good idea. It looks like you know much more about Perl than I do. I use XML::Twig, which Harald recommended, and I'm really happy with it. I can parse documents, edit them and store them in a human-readable format.


Perhaps you can take a look at the CVS head, but please keep in mind that you must go to etc/ after the installation, edit config.xml and run configure_etc.sh. The access control configuration is in etc/access_control/ and etc/rbac/

I can send you a changed version of the documentation. I didn't publish it via FTP because this can result in big confusion if people read the new documentation but use 0.9.1.

Thanks for the comments

Michael

P.S. The web interface to configure the rights supports only explicit operations, roles etc., but if you edit acl.xml by hand then you can use regexes, as in the default ACL.
--
-------------------------------------------------------------------
Michael Bell Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482
(Computing Centre) Fax: +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin Email (private): [EMAIL PROTECTED]
Germany http://www.openca.org
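
An added example, not part of the original message and not OpenCA code: one way to evaluate a hand-edited XML ACL of module, operation and roles whose fields may be regexes, using XML::Twig. The element names, the sample rules and the helpers `anchored` and `is_allowed` are assumptions made for illustration; every pattern is anchored and anything unmatched is denied.

```perl
use strict;
use warnings;
use XML::Twig;

# Constructed sample ACL; the element names are assumptions, not OpenCA's schema.
my $acl_xml = <<'XML';
<acl>
  <permission>
    <module>1</module>
    <operation>approve_request</operation>
    <role>RA Operator</role>
    <role>CA Operator</role>
  </permission>
  <permission>
    <module>\d+</module>
    <operation>view_.*</operation>
    <role>.*</role>
  </permission>
</acl>
XML

my $twig = XML::Twig->new;
$twig->parse($acl_xml);

# Anchor every field so that "view_.*" cannot match "preview_cert".
sub anchored { my ($p) = @_; return qr/\A(?:$p)\z/ }

my @rules;
for my $perm ($twig->root->children('permission')) {
    push @rules, {
        module    => anchored($perm->first_child_text('module')),
        operation => anchored($perm->first_child_text('operation')),
        roles     => [ map { anchored($_) } $perm->children_text('role') ],
    };
}

# Default deny: allowed only if one rule matches module, operation and role.
sub is_allowed {
    my ($module_id, $operation, $role) = @_;
    for my $r (@rules) {
        next unless $module_id =~ $r->{module} && $operation =~ $r->{operation};
        return 1 if grep { $role =~ $_ } @{ $r->{roles} };
    }
    return 0;
}

for my $q ([1, 'approve_request', 'RA Operator'], [2, 'approve_request', 'RA Operator'],
           [2, 'view_cert', 'User'], [2, 'preview_cert', 'User']) {
    printf "%-32s %s\n", join('/', @$q), is_allowed(@$q) ? 'allow' : 'deny';
}
```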



