OpenSSO rights

The roadmap for OpenSSO said the rights will be released in summer 09. Does anyone know if it can solve the data layer security issue, for example "userA can only enter <500 in this field on the screen" OR "UserA can only see these values in the dropdown"?
As it is implemented in organizations, each application controls the security of the data layer or there are some who have a corporate repository.
Thanks

+1




1 answer


Yes, this is exactly the problem that OpenSSO Entitlements are designed to address. Last week I showed off a JavaOne demo that showed a demo of a mobile account management system with three policies:

  • Each phone user can read their own permissions (like download music / video) and call log.
  • The account owner can read and write the permissions of all phones in the account and view the call logs for all phones in the account.
  • The account owner can read and write account information (such as billing address).


I'll post the source code for a demo and explain how to deploy it to my blog.

To answer the second part of your question, there is a corporate repository for policy, but it is applied based on the application. In the demo, most of the enforcement is done through a servlet filter that makes call permissions for each requested URL. This works well as we have used RESTful web services that express the requested resource in a URL. At one point, we made an explicit policy call because the URL pattern did not match the policy: the client could navigate to the account resource using the phone's URL. I expect that I could create another policy to handle this, but I really wanted to show an explicit request for the right.

+2
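The enforcement pattern described in the answer above, modelled as an added Python example (it is not the demo's source code and does not use the OpenSSO API): a filter maps each requested URL to one of the three policies, and the handler for an account reached through a phone URL makes an explicit policy call. The URL layout, function names and data are constructed assumptions.

```python
import re

# Constructed sample data: phone -> account, account -> owner, phone -> user.
PHONE_ACCOUNT = {"555-0101": "acct-1", "555-0102": "acct-1", "555-0201": "acct-2"}
ACCOUNT_OWNER = {"acct-1": "alice", "acct-2": "carol"}
PHONE_USER = {"555-0101": "alice", "555-0102": "bob", "555-0201": "carol"}

def phone_policy(user, method, phone):
    """Policies 1 and 2: a phone user reads their own phone's data;
    the account owner reads and writes every phone in the account."""
    if phone not in PHONE_ACCOUNT:
        return False
    if ACCOUNT_OWNER.get(PHONE_ACCOUNT[phone]) == user:
        return method in ("GET", "PUT")
    return PHONE_USER[phone] == user and method == "GET"

def account_policy(user, method, account):
    """Policy 3: only the account owner reads and writes account information."""
    return ACCOUNT_OWNER.get(account) == user and method in ("GET", "PUT")

# Hypothetical URL layout: the policy is chosen by URL pattern alone.
URL_POLICIES = [
    (re.compile(r"^/phones/([^/]+)(?:/.*)?$"), phone_policy),
    (re.compile(r"^/accounts/([^/]+)$"), account_policy),
]

def filter_allows(user, method, url):
    """Filter step: default deny, otherwise ask the policy whose pattern matches."""
    for pattern, policy in URL_POLICIES:
        match = pattern.match(url)
        if match:
            return policy(user, method, match.group(1))
    return False

def get_account_via_phone(user, phone, explicit_check=True):
    """Handler for /phones/{phone}/account. The URL names a phone, so the
    filter applies the phone policy although account data is returned."""
    if not filter_allows(user, "GET", f"/phones/{phone}/account"):
        return 403
    # Explicit policy call on the resource actually served.
    account = PHONE_ACCOUNT[phone]
    if explicit_check and not account_policy(user, "GET", account):
        return 403
    return 200
```

With `explicit_check=False` the phone user `bob` receives the account data for `acct-1`, because the filter only ever evaluated the phone policy; with the explicit call the same request returns 403.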

