[Wsf-general] data services and resources

Chamil Thanthrimudalige chamil at wso2.com
Tue Mar 13 23:51:02 PDT 2007 

On Mar 14, 2007, at 11:45 AM, sumedha rubasinghe wrote:

> 1. IMHO we also need to consider content filtering based on given  
> parameters / logged in user credentials.
>
> eg. A customer should only see orders placed by himself only.
>
>
> 2. Just my 2 cents on following statement.
> "The database administrator will create a configuration file [xml]  
> with the needed details for exposing the required data in the  
> database."
>
> <databases>
> <database name="xs:NMTOKEN">
>  <resource type="TABLE | VIEW | STORED-PROCEDURE | FUNCTION"  
> name="xs:NMTOKEN">
>    <operation name="SELECT | UPDATE | DELETE | UPDATE">
>       <allowed>
>          <role></role>+
>       <allowed>
>    </operation>
>  <resource>
> <database>
> </databases>
>
>
> *Example.....*
>
> <databases>
> <database name="orderdb">
>  <resource type="TABLE" name="customers">
>    <operation="select">
>    <allowed>
>        <role>admin</role>
>        <role>guest</role>
>        <role>general</role>
>    </allowed>
>    </operation>
>  <resource>
> <database>
> </databases>

I think if the access is related to the database the db admin can set  
the access in the db itself and set the service up so that the db  
does the access control. If from the side of WSAS we can let our  
security module take care of service/operation level access control  
and setting up of such access control.

Best Regards,
Chamil Thanthrimudalige



>
>
> /sumedha
>
>
>
>
> Sanjiva Weerawarana wrote:
>> FYI I've kept on tweaking and editing it .. sorry if u read it  
>> already.
>>
>> Sanjiva.
>>
>> Sanjiva Weerawarana wrote:
>>> Hi .. last week I spent some time with the data services guys and  
>>> discussed ways of fixing and finalizing the data services  
>>> descriptor. I've thought thru this more and believe we now have  
>>> enough to handle all the scenarios James brought up and more. I  
>>> need to do some examples (and to complete the resource part and  
>>> deal with UPDATE etc. queries) but please take a look and comment.
>>>
>>> See: http://www.wso2.org/wiki/display/wsf/Data+Services+and 
>>> +Resources
>>>
>>> I've borrowed quite a bit from WADL etc. but there's ways to go  
>>> yet. Everyone please review.
>>>
>>> I'd *really* like to get a first cut of the data services stuff  
>>> done (with this lang cleaned up) by the end of the month!
>>>
>>> Sanjiva.
>>
>
>
> _______________________________________________
> Wsf-general mailing list
> Wsf-general at wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/wsf-general

More information about the Wsf-general mailing list