> -----Original Message-----
> From: Eric Dobbs [mailto:[EMAIL PROTECTED]]
> Sent: 12 February 2002 16:55
> To: Turbine Developers List
> Subject: Re: Security Changes - blow by blow
...
> <AuthorizationPolicy>
>   <grant>
>     <principal class="o.a.t.security.turbine.Role">
>       Anonymous
>     </principal>
>     <scope name="PublishedArticles">
>       <permission>ReadArticle</permission>
>     </scope>
>   </grant>
...
How's about extending this to a more general form?
The PrincipalSet IF is an extension of the Principal IF. It can contain a
set of Principals. A Subject must have a principalSet of the correct class
and name, containing a matching set of principals before the Permissions
associated with the top level PrincipalSet or Principal can be granted.
<AuthorizationPolicy>
  <grant>
    <principalSet class="o.a.t.security.turbine.SpecialAccess">
      principalSetName
      <principal class="o.a.t.security.turbine.KerberosLogin">
        loginName
      </principal>
      <principal class="o.a.t.security.turbine.Project">
        projectName
      </principal>
      <principal class="o.a.t.security.turbine.Role">
        RoleName
      </principal>
      <principal class="o.a.t.security.turbine.Scope">
        ScopeName
      </principal>
    </principalSet>
  </grant>
  <grant>
    <principal class="o.a.t.security.turbine.Project">
      projectName
    </principal>
  </grant>
  <grant>
    <principal class="o.a.t.security.turbine.Group">
      groupName
    </principal>
  </grant>
</AuthorizationPolicy>
Chris
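
The matching rule proposed in the message above, as an added Java sketch that is not part of the original thread and is not Turbine code. The types `Named`, `PrincipalSet` and `Grant`, the `kind` field standing in for the XML `class` attribute, the sample names and the `PublishArticle` permission are all hypothetical, and "matching set" is assumed to mean that the held set contains every required member.

```java
import java.security.Principal;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

public class PrincipalSetPolicyDemo {
    // Hypothetical stand-ins; "kind" plays the role of the class attribute in the policy XML.
    record Named(String kind, String name) implements Principal {
        public String getName() { return name; }
    }
    record PrincipalSet(String kind, String name, Set<Principal> members) implements Principal {
        public String getName() { return name; }
    }
    record Grant(Principal required, Set<String> permissions) {}

    // A set grant needs a held PrincipalSet of the same kind and name whose members
    // include every required member (assumed reading of "matching set": superset).
    // Loose principals held outside a PrincipalSet never satisfy a set grant.
    static boolean satisfies(Set<Principal> held, Principal required) {
        if (!(required instanceof PrincipalSet want)) return held.contains(required);
        for (Principal p : held) {
            if (p instanceof PrincipalSet have
                    && have.kind().equals(want.kind())
                    && have.name().equals(want.name())
                    && have.members().containsAll(want.members())) return true;
        }
        return false;
    }

    static Set<String> permissionsFor(Set<Principal> held, List<Grant> policy) {
        Set<String> granted = new TreeSet<>();
        for (Grant g : policy) if (satisfies(held, g.required())) granted.addAll(g.permissions());
        return granted;
    }

    public static void main(String[] args) {
        // Constructed sample data; none of these names come from Turbine or the thread.
        Principal login = new Named("KerberosLogin", "alice");
        Principal project = new Named("Project", "docs");
        Principal role = new Named("Role", "editor");
        Principal scope = new Named("Scope", "drafts");
        Set<Principal> all = Set.of(login, project, role, scope);
        List<Grant> policy = List.of(
            new Grant(new PrincipalSet("SpecialAccess", "docsEditors", all), Set.of("PublishArticle")),
            new Grant(project, Set.of("ReadArticle")));
        Set<Principal> full = Set.of(project, new PrincipalSet("SpecialAccess", "docsEditors", all));
        Set<Principal> noRole = Set.of(project,
            new PrincipalSet("SpecialAccess", "docsEditors", Set.of(login, project, scope)));
        Set<Principal> loose = all; // same principals, but not held inside a PrincipalSet
        for (Set<Principal> s : List.of(full, noRole, loose)) System.out.println(permissionsFor(s, policy));
    }
}
```

Only the first subject receives the set-level permission; the subject whose set lacks the Role member and the subject holding the same principals loosely both fall back to the single-principal Project grant.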