Chapter 3: ServiceMap Document: Security Policies

You need to specify security policy information if you want to specify which user is authorized to invoke what operation (a.k.a method) on your service. Currently the XML schema for specifying the security policy information is only allows you to specify a list of users and groups who have access to the methods in your service and a lifetime for your policy.

Here is an example of a security policy element in a ServiceMap document

<policy>
    <group>extreme</group>
    <group>lead</group>
    <user>C=US,O=National Center for Supercomputing Applications,CN=Gopi Kandaswamy</user>
    <lifetime>24:00:00</lifetime>
</policy>

The above policy mentions two groups viz. extreme and lead and one user.

• If you want the aforesaid users/groups to have access to all the methods in your service, then you must put this policy information 'outside' all the methods in your service as shown below

• If you want the aforesaid users/groups to have access to only the method 'foo' and not the method 'bar' then you must put the policy information inside the method 'foo' and not inside the method 'bar' as shown below

<ServiceMap xmlns="http://www.extreme.indiana.edu/namespaces/2004/01/gFac"
            xmlns:lead="http://www.extreme.indiana.edu/lead">

  <service>...</service>
    <portType>
        <method>
           <methodName> foo </methodName>
           <policy>
               <group>extreme</group>
               <group>lead</group>
               <user>C=US,O=National Center for Supercomputing Applications,CN=Gopi Kandaswamy</user>
               <lifetime>24:00:00</lifetime>
           </policy>
        </method>

        <method>
            <methodName> bar </methodName>
        </method>
  </portType>
</ServiceMap>

[ << ] [ < ] [ Home ] [ > ] [ >> ]