[Wsf-general] data services and resources
Sanjiva Weerawarana
sanjiva at wso2.com
Wed Mar 14 09:01:05 PDT 2007
sumedha rubasinghe wrote:
> 1. IMHO we also need to consider content filtering based on given
> parameters / logged in user credentials.
>
> eg. A customer should only see orders placed by himself only.
In general yes but I'd like to get this working before adding security
stuff properly.
> 2. Just my 2 cents on following statement.
> "The database administrator will create a configuration file [xml] with
> the needed details for exposing the required data in the database."
>
> <databases>
> <database name="xs:NMTOKEN">
> <resource type="TABLE | VIEW | STORED-PROCEDURE | FUNCTION"
> name="xs:NMTOKEN">
> <operation name="SELECT | UPDATE | DELETE | UPDATE">
> <allowed>
> <role></role>+
> <allowed>
> </operation>
> <resource>
> <database>
> </databases>
>
>
> *Example.....*
>
> <databases>
> <database name="orderdb">
> <resource type="TABLE" name="customers">
> <operation="select">
> <allowed>
> <role>admin</role>
> <role>guest</role>
> <role>general</role>
> </allowed>
> </operation>
> <resource>
> <database>
> </databases>
>
Good start; please edit the wiki and put this as a strawman proposal!
Thanks for the feedback. Others?
Sanjiva.
--
Sanjiva Weerawarana, Ph.D.
Founder, Chairman & CEO; WSO2, Inc.; http://www.wso2.com/
email: sanjiva at wso2.com; cell: +94 77 787 6880; fax: +1 509 691 2000
"Oxygenating the Web Service Platform."
More information about the Wsf-general
mailing list