Changes between Version 4 and Version 5 of RepAaa
- Timestamp:
- Oct 5, 2010, 3:17:31 PM (14 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
RepAaa
v4 v5 11 11 Access control in SENSEI can be done on the basis of the user's privileges, or on the basis of payment. This choice is made by the resource provider. If the access control should be performed based on payment, the REP should be registered with a payment based AAA service. Instructions for this can be found [[wiki:PrivacyAndBilling|here]]. 12 12 If the access control should be performed based on privileges, the REP should be registered with a privilege based AAA service. Instructions for this can be found below. 13 === = Defining an access policy ====13 === Defining an access policy === 14 14 First a set of policies must be defined to specify the access rules which should apply. These are specified in a text file with the .drl extension. 15 15 For the enthusiasts, a full description of the rules language can be found [[http://downloads.jboss.com/drools/docs/5.1.1.34858.FINAL/drools-expert/html/ch04.html|here]]. We would recommend keeping things simple, and therefore provide an example below. … … 52 52 53 53 The roles which are evaluated in these rules are the roles contained in the tokens issued by the [wiki:Aaa|STS]. 54 === = Registering the policy ====54 === Registering the policy === 55 55 There may be multiple AAA services running in the domain, and the resource provider must choose which to use (in a real life deployment they may differ in terms of SLAs, or service cost etc). 56 56 The AAA service implementation is provided as a WAR file deployed in a servelet container (see [wiki:Aaa|here]), and the policy files should be placed in the "/WEB-INF/classes/authorisation-policies" folder of the WAR file, and the AAA service restarted. 57 57 Adding, modifying or removing policies is done by changing the content of the "WEB-INF/classes/authorisation-policies" folder. 58 === = Configuring the Access Controlled REP ====58 === Configuring the Access Controlled REP === 59 59 The access controlled REP is provided as a WAR file, to be deployed in a servelet container such as Apache Tomcat. The REP must be configured in the messages.properties file located in /WEB-INF/classes directory of the WAR file. 60 60 ||= Property =||= Description =||