Changes between Version 4 and Version 5 of RepAaa


Timestamp: Oct 5, 2010, 3:17:31 PM (14 years ago)
Author: tim.bauge
Comment:

--

  • RepAaa

    v4 v5  
    1111Access control in SENSEI can be done on the basis of the user's privileges, or on the basis of payment. This choice is made by the resource provider. If the access control should be performed based on payment, the REP should be registered with a payment based AAA service. Instructions for this can be found [[wiki:PrivacyAndBilling|here]].
    1212If the access control should be performed based on privileges, the REP should be registered with a privilege based AAA service. Instructions for this can be found below.
    13 ==== Defining an access policy ====
     13=== Defining an access policy ===
    1414First a set of policies must be defined to specify the access rules which should apply. These are specified in a text file with the .drl extension.
    1515For the enthusiasts, a full description of the rules language can be found [[http://downloads.jboss.com/drools/docs/5.1.1.34858.FINAL/drools-expert/html/ch04.html|here]]. We would recommend keeping things simple, and therefore provide an example below.
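
Review bot: The heading on wiki line 13 moves from ==== to === but the revision comment is empty, so the reason for the level change is not recorded; say in the comment that the section headings are being promoted one level, and confirm the enclosing section is a == heading so the outline does not skip a level. Separately, the Drools link on wiki line 15 is pinned to build 5.1.1.34858.FINAL; state next to it which Drools version the AAA service uses, so that resource providers write their .drl access rules against the matching language reference.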
     
    5252
    5353The roles which are evaluated in these rules are the roles contained in the tokens issued by the [wiki:Aaa|STS].
    54 ==== Registering the policy ====
     54=== Registering the policy ===
    5555There may be multiple AAA services running in the domain, and the resource provider must choose which to use (in a real life deployment they may differ in terms of SLAs, or service cost etc).
    5656The AAA service implementation is provided as a WAR file deployed in a servelet container (see [wiki:Aaa|here]), and the policy files should be placed in the "/WEB-INF/classes/authorisation-policies" folder of the WAR file, and the AAA service restarted.
    5757Adding, modifying or removing policies is done by changing the content of the "WEB-INF/classes/authorisation-policies" folder.
    58 ==== Configuring the Access Controlled REP ====
     58=== Configuring the Access Controlled REP ===
    5959The access controlled REP is provided as a WAR file, to be deployed in a servelet container such as Apache Tomcat. The REP must be configured in the messages.properties file located in /WEB-INF/classes directory of the WAR file.
    6060||= Property =||= Description =||
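
Review bot: Wiki lines 56 and 57 name the policy folder in two different forms, "/WEB-INF/classes/authorisation-policies" and "WEB-INF/classes/authorisation-policies"; use one form in both places. Line 56 requires an AAA service restart after placing the policy files, but line 57 does not say whether adding, modifying or removing a policy also needs one; since these files decide who is granted access, state explicitly when a changed policy takes effect. Since this revision already touches the section, also correct "servelet" to "servlet" on lines 56 and 59, and write the [wiki:Aaa|STS] and [wiki:Aaa|here] links on lines 53 and 56 in the same [[...|...]] form used on line 11.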