Introduction

Xregistry is a document registry that supports users, recursive groups and sharing. It is designed for the LEAD atmospheric discovery project and supports four specific document types (Host Descriptions, Application Descriptions, Service Descriptions and Concrete WSDLs) as well as "Any document type". It consists of one persistent server that provides a Web Service interface to manage documents.

Xregistry is three registries under one umbrella:

  1. Registry of XML documents - supports Add, Delete, Get and Find operations on documents.
  2. Registry of Users and Groups - provides recursive user and group support; see "User, Group support" and the sections on sharing documents for more information.
  3. Capability Registry - users can define capability rules saying that resource "A" is accessible to user or group "B". Given a resource and a user, Xregistry can also be asked "Does this user have access to the resource?"

Install XRegistry

  1. You need a running MySQL server; create a database called ServiceReg.
  2. Download the Xregistry binary installation.
  3. Unzip the Xregistry binary to a location of your choice.
  4. Change directory to the unzipped directory.
  5. Edit xregistry.properties and provide databaseUrl=your-database.
  6. Start the registry with ./xregistry.sh xregistry.properties
  7. When the service is started, it prints the service URL where it is available and the WSDL, and then waits for connections. This is normal: it will keep waiting as long as the service is running. You can stop the service with Ctrl + C.
  8. You can verify the installation by visiting https://host:port/xregistry

Supported Operations

The following tables list the operations supported by Xregistry. Each group of operations shares the description given beneath it.

Document Registry

  String registerServiceDesc(String serviceDescAsStr, String awsdlAsStr)
  void registerAppDesc(String appDescAsStr)
  String registerConcreteWsdl(String wsdlAsStr, int lifetimeAsSeconds)
  String registerHostDesc(String hostDescAsStr)
  void registerResource(QName resourceName, String resourceAsStr)
      -> Register a new document

  DocData[] findHosts(String hostName)
  DocData[] findResource(String resourceNameQuery)
  DocData[] findServiceDesc(String serviceName)
  DocData[] findServiceInstance(String serviceName)
  xregistry.doc.AppData[] findAppDesc(String query)
      -> Search for a document

  void removeAppDesc(QName appName, String hostName)
  void removeConcreteWsdl(QName wsdlQName)
  void removeHostDesc(String hostName)
  void removeServiceDesc(QName serviceName)
  void removeResource(QName resourceName)
      -> Remove a document

  String getAbstractWsdl(QName wsdlQName)
  String getAppDesc(String appName, String hostName)
  String getConcreateWsdl(QName wsdlQName)
  String getHostDesc(String hostName)
  String getResource(QName resourceName)
  String getServiceDesc(QName serviceName)
      -> Retrieve a document

  String[] app2Hosts(String appName)
      -> Search for all hosts on which the given application is installed

Capability Registry

  void addCapability(String resource, String actor, boolean isUser, String action)
      -> Add a new capability rule to the capability registry

  CapabilityToken[] findCapability(String resourceID, String actor, boolean actorType, String action)
      -> Find a capability

  void removeCapability(String resourceID, String actor)
      -> Remove a capability

  boolean isAuthorizedToAcsses(String user, String resourceID, String actor, String action)
      -> Given a resource and a user, decide whether the user has access to the given resource. Together with findCapability(..), this method may be used to build an authorization framework.

Group & User Registry

  void createUser(String newUser, String description)
  void createGroup(String newGroup, String description)
      -> Create a new actor; the description is an English-language description.

  void addUsertoGroup(String group, String usertoAdded)
  void removeUserFromGroup(String group, String usertoRemoved)
  void removeGroupFromGroup(String group, String grouptoRemoved)
      -> Methods to edit the tree of users and groups.

  void deleteUser(String userID)
  void deleteGroup(String groupID)
      -> Delete an actor.

  String[] listUsers()
  String[] listGroups()
  String[] listGroupsGivenAUser(String targetUser)
  String[] listSubActorsGivenAGroup(String group)
      -> Methods to search the tree of users and groups.

Architecture

Xregistry consists of a single server that exports a Web Service interface for all Xregistry operations. Data is stored in a MySQL database backend, and the registry indexes each document using a key so that it can be searched for or retrieved later. The owner may share a document with others, which is done by adding an entry to the capability repository. Its operation can be explained as follows.

Xregistry In Action

  1. When Xregistry starts up, it creates an in-memory model of the users and groups tree, which is used to answer queries about access rights. Updates to this tree are, however, immediately written to persistent storage. It is assumed that the number of users and groups will not be prohibitive.
  2. When a request is received, it is first parsed and the operation is identified. The user name is obtained from the client credentials presented on the SSL connection. The request is then directed to the authorization module, which verifies that the user is allowed to perform the given operation.
  3. If the request is cleared by the authorization module, SQL queries are built to serve the request and executed.
  4. If the request is a query, the results are filtered again to remove items that are not accessible to the user. So if a user lists documents, he will only see the documents that are accessible to him.
  5. If there are results, they are converted back to XML and sent back as a SOAP response.

Concrete WSDLs have a soft lifetime: unless a concrete WSDL is registered again, it is removed when its lifetime expires. All other documents have a persistent lifetime and are removed only when explicitly removed from the registry.

Xregistry uses SSL security, and clients need a certificate signed by a CA trusted by Xregistry in order to connect to it. The Distinguished Name (DN) of the user is used as the user name within Xregistry.

User, Group support

Gfac provides users and recursive group support based on the following primitives:

  1. Every document has an owner (the owning user), who has all rights to that document.
  2. Users may belong to groups, and groups may in turn belong to other groups.
  3. Every document can be shared with a group or with users. If a document is shared with a group, it is accessible to all users contained within that group, found by recursively traversing the group tree. (For example, if the lead group has the extreme group as a sub-group, users in the extreme group have access to all resources assigned to the lead group, but resources assigned to the extreme group are not visible to users in the lead group.)
  4. New users are created the first time they access the registry, and they are added to the public group.

Capability Support

A capability is a rule of the form "Allow ACTOR to ACTION RESOURCE", e.g. "Allow A to READ linbox3". Xregistry maintains a table of capabilities. When specifying capabilities, the following roles are supported:

  1. All - all rights on a given resource
  2. AddNew - can add new resources
  3. Read - can read the resource
  4. Write - can delete the resource
  5. ResourceAdmin - can administer the resource, which means he can share the resource with others
  6. SysAdmin - can edit users and groups

To find all the resources accessible to a given user, first a list of groups is found such that the given user is a descendant of each group on the list. Then a resource list is constructed by collecting all the resources assigned to each group on that list. Finally, the resource list is completed by adding the resources owned by the user.
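The recursive group lookup from "User, Group support", the result filtering in step 4 of "Xregistry In Action", and the three-step resource listing above, modelled in Python as an added example (not Xregistry's own code; Xregistry itself is Java backed by MySQL). The group tree, owners, resource names and capability rules are constructed sample data, and the in-memory model mirrors the startup step that loads the users and groups tree.

```python
from collections import deque

# Constructed sample data (not from Xregistry): group -> direct members,
# where a member may be a user or another group. "extreme" is a sub-group of "lead".
GROUP_MEMBERS = {
    "public": {"alice", "bob", "carol"},
    "lead": {"alice", "extreme"},
    "extreme": {"bob"},
}
# resource -> owner; the owner has all rights on the document
OWNERS = {"hostdesc:linbox3": "carol", "appdesc:wrf": "carol"}
# capability rules "Allow ACTOR to ACTION RESOURCE"; the actor may be a user or a group
CAPABILITIES = [
    ("hostdesc:linbox3", "lead", "Read"),
    ("appdesc:wrf", "extreme", "ResourceAdmin"),
    ("hostdesc:linbox3", "dave", "All"),
]

def groups_of(user):
    """Groups the user belongs to, directly or via nested groups; 'seen' also guards against cycles."""
    seen, frontier = set(), deque([user])
    while frontier:
        actor = frontier.popleft()
        for group, members in GROUP_MEMBERS.items():
            if actor in members and group not in seen:
                seen.add(group)
                frontier.append(group)
    return seen

def is_authorized(user, resource, action):
    """Owner has all rights; otherwise a rule for the user or one of its groups must grant the action or All."""
    if OWNERS.get(resource) == user:
        return True
    actors = {user} | groups_of(user)
    return any(res == resource and actor in actors and act in (action, "All")
               for res, actor, act in CAPABILITIES)

def accessible_resources(user):
    """Three steps from the text: groups the user descends from, their resources, plus owned ones."""
    actors = {user} | groups_of(user)
    granted = {res for res, actor, _ in CAPABILITIES if actor in actors}
    owned = {res for res, owner in OWNERS.items() if owner == user}
    return granted | owned

def filter_query_results(user, results):
    """Step 4 of 'Xregistry In Action': a listing shows only documents accessible to the caller."""
    allowed = accessible_resources(user)
    return [r for r in results if r in allowed]
```

Note that a user in the lead group (alice) does not see a resource assigned only to the extreme sub-group, while a member of extreme (bob) inherits everything assigned to lead.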

XRegistry Shell

  1. Create a file called .xregistry in your home directory and provide the following properties
  2. You can start the client shell for Xregistry by running $ xregistryShell.sh https://host:port/xregistry?wsdl and typing ? for help.

XRegistry API

  1. Create a property file as described in XRegistry Shell.
  2. Add all the jar files in the lib directory to your classpath.
  3. You can create a client (or clients) using the following code segments:

                     // registryURL is the service URL printed at startup, e.g. https://host:port/xregistry?wsdl
                     GlobalContext context = new GlobalContext(true);

                     // For a general (document registry) client
                     DocumentRegistryClient docClient = new DocumentRegistryClient(context, registryURL);
                     ...

                     // For an admin client
                     AdminClient adminClient = new AdminClient(context, registryURL);
                     ...

The Gfac User Guide contains more information about sharing documents using GFac portlets.

Administrate Xregistry users and Groups using portlet interface

Groups and users can be edited, and documents can be shared, using the portlet interface provided by Gfac. Please refer to the Gfac User Guide for installation instructions for the portlet.

Groups can be edited using the "EditGroup" button, which yields the following screen.

The left-most column shows the actors (users or groups) included in the current group; actors can be added or removed using the right-hand columns. You must click the Update Capability button to make your changes permanent.


Copyright © 2002-2007 The Trustees of Indiana University. All rights Reserved.