JiscMail Logo
Email discussion lists for the UK Education and Research communities

Help for PERMIS-USERS Archives


PERMIS-USERS Archives

PERMIS-USERS Archives


PERMIS-USERS@JISCMAIL.AC.UK


View:

Message:

[

First

|

Previous

|

Next

|

Last

]

By Topic:

[

First

|

Previous

|

Next

|

Last

]

By Author:

[

First

|

Previous

|

Next

|

Last

]

Font:

Proportional Font

LISTSERV Archives

LISTSERV Archives

PERMIS-USERS Home

PERMIS-USERS Home

PERMIS-USERS  November 2006

PERMIS-USERS November 2006

Options

Subscribe or Unsubscribe

Subscribe or Unsubscribe

Log In

Log In

Get Password

Get Password

Subject:

Re: Action Naming with Spaces

From:

Meitham Jamaa <[log in to unmask]>

Reply-To:

For users/administrators of the PERMIS authorisation software <[log in to unmask]>

Date:

Fri, 3 Nov 2006 23:00:41 +0000

Content-Type:

text/plain

Parts/Attachments:

Parts/Attachments

text/plain (195 lines)

Hi David,

The problem raised when I used the *Permis Wizard* to write a Permis
Policy of a *Zope Product*. Since *Zope actions* has *spaces* and I was
not aware that *Permis* does not support *spaced action*, I added a list
of *Zope actions* into the *Permis wizard* and I ended up having a long
string in the *XML Policy* which looked like this:

            <TargetList>
*                <Target Actions="Manage, Copy or Move, Manage WebDAV
Locks, Undo changes">*
                    <TargetDomain ID="Zope.Folder"/>
                </Target>
            </TargetList>

The *editor* did not complain about the spaces, nor the *Parser* did.
*PermisRBAC* still *deny* actions that I am not allowed to do and
*Permit* actions I am allowed to do including the *Manage* action in the
example above. When I try actions like *Undo changes* or *Manage WebDAV
Locks* Permis *deny* the action returning *false* from the method
*decision* which is the value I expect for a *denied action (not for a
non acceptable action)*. I tried used the first part of the action until
the space but then it says *non acceptable action*.

If Permis handles each action in its own string e.g. *Action = "Manage",
Action="Undo Changes"* then it would solve my problem. But as you said
that requires changing the *XML schema*, Will that be possible?
Otherwise as Grahame said, We will do *name mapping*. My proposition is:
*Permis* as an *RBAC* is better than *ZCML* and *XACML* in many
features, but this would be counted as a bug especially for *Zope*
developers as they used to have *spaces* in the *action's naming*.

Kindest regards

Meitham

David Chadwick wrote:
> Hi Grahame
>
> PERMIS should treat an Action as a transparent string, so in principle
it should not be a problem to allow spaces. I think however that the XML
schema for the
> PERMIS policy requires it to be a spaceless string. So changing the
policy parsing code might be a bit more difficult. However, have tried
to enclose the action in
> quotes to see if that works?
>
> regards
>
> David
>
>
> Grahame Cooper wrote:
>
> Just to provide a bit more background. We see two possible ways to solve
> the problem.
>
> One is to change PERMIS so that it can handle action names with spaces
> in them.
>
> The other is to do some name mapping involving escape characters of some
> kind. (E.g. changing every occurrence of "<sp>" in a Zope name to "._"
> and every occurrence of "." to "..", and a similar mapping back the
> other way.)
>
> Clearly, the first option is more desirable because it causes less
> confusion for the user, but the second could be adopted if the first is
> too difficult.
>
> (The proposal is that, in either case, we can implement the changes.)
>
> In relation to the first option, I think the key question is: does
> PERMIS actually parse the actions to extract parameters or is the whole
> action name just a string as far as PERMIS is concerned? If it is the
> latter, then perhaps changing PERMIS would be relatively easy. If it is
> the former, then I can see there might be a problem.
>
> Cheers,
>
> Grahame
>
>
> Meitham Jamaa wrote:
> >>> Hi David,
> >>>
> >>> *Zope* supports having spaces in the naming of *actions* on its
> >>> *resources* e.g. "Manage WebDAV Locks"or "
> >>>
> <http://localhost:8080/acl_users/manage_permissionForm?permission_to_manage=Manage%20WebDAV%20Locks>Undo
> >>> changes" and many others
> >>>
> <http://localhost:8080/acl_users/manage_permissionForm?permission_to_manage=Undo%20changes>.
> >>> Zope comes with a built-in authorization module that I want to replace
> >>> with *Permis*. The last version of Zope (version *3*) came with a new
> >>> *XML RBAC Policy* called *ZCML* stands for *Zope Control Markup
> >>> Language*. *ZCML* has many great features but *Permis* is much more
> >>> stronger than *ZCML*. *ZCML* supports having *spaces* in the *Action*
> >>> names just like *Permis* supports having *spaces* in the *Role* names.
> >>> The name is just an *XML value* between two *quotes ""*. e.g.
> >>>     <ActionPolicy>
> >>>         <Action Args="" Name="View management screens"/>
> >>>         <Action Args="" Name="WebDAV Lock items"/>
> >>>         <Action Args="" Name="WebDAV Unlock items"/>
> >>>         <Action Args="" Name="WebDAV access"/>
> >>>         <Action Args="" Name="Change permissions"/>
> >>>         <Action Args="" Name="Copy or Move"/>
> >>>         <Action Args="" Name="Manage WebDAV Locks"/>
> >>>         <Action Args="" Name="Manage properties"/>
> >>>         <Action Args="" Name="Manage users"/>
> >>>         <Action Args="" Name="Take ownership"/>
> >>>         <Action Args="" Name="Undo changes"/>
> >>>         <Action Args="" Name="Delete objects"/>
> >>>     </ActionPolicy>
> >>>
> >>> so if the *Parser* can understand a *spaced name* of *Role*, why it
> >>> should be a problem to the *Parser* to understand *spaced name
> Action?*
> >>>
> >>> kindest regards
> >>>
> >>> Meitham
> >>>
> >>>
> >>>
> >>> David Chadwick wrote:
> >>>> Hi Meitham
> >>>>
> >>>> How many systems support actions with spaces in them? How will
> parsers
> >>>> know when an action is terminated if a space occurs in the middle?
> >>>> Usually a space after an action signals the start of the first action
> >>>> parameter e.g. print 6, where 6 means the number of pages
> >>>>
> >>>> regards
> >>>>
> >>>> David
> >>>>
> >>>>
> >>>> Meitham Jamaa wrote:
> >>>>> Hi David, Geroge and Gansen,
> >>>>>
> >>>>> How difficult it is to make* Permis* support naming *actions* with
> >>>>> *spaces*? Will that requires changing few parts of the code
> only? or it
> >>>>> will cause many problems? :-)
> >>>>>
> >>>>> Many thanks
> >>>>>
> >>>>> Meitham
> >>>>>
> >>>>> George Inman wrote:
> >>>>>> Hi Meitham
> >>>>>>
> >>>>>> Permis doesn't currently support the naming of Actions with
> spaces but
> >>>>>> does support spaces in both Roles and Resources.  All three however
> >>>>>> support  both dotted and slashed string values.
> >>>>>>
> >>>>>> The Permis software is currrently being updated to use plain XML
> >>>>>> policies, so while the PERMIS Decision engine does support the
> use of
> >>>>>> plain XML policies the application that calls the core PERMIS
> decision
> >>>>>> engine may not. To my knowledge the following applications support
> >>>>>> both plain XML policies and policies stored in attribute
> certificates.
> >>>>>> The PERMIS Test Application and The Delegation Issuing Service both
> >>>>>> already support XML policies and the SAAM application will support
> >>>>>> plain XML policies when it is re-released in the near future.
> >>>>>>
> >>>>>> Hope this helps
> >>>>>>
> >>>>>> George
> >>>>>>
> >>>>>> Meitham Jamaa wrote:
> >>>>>>> Hi David,
> >>>>>>>
> >>>>>>> Does Permis supports naming the *action*, *roles* and *resources*
> >>>>>>> with spaced strings, like an action *helloWorld* in the
> example to be
> >>>>>>> *helloWorld* or even dotted *hello.world* or slashed
> *hello/world*?
> >>>>>>> and the same for *roles* and *resources*?
> >>>>>>>
> >>>>>>> I used *SimplePermis* to access *plain XML policies* on file
> system.
> >>>>>>> Can I still do that with the **Permis (the full version)** or do I
> >>>>>>> have to store them in *Certificates* in *LDAP*?
> >>>>>>>
> >>>>>>> Regards
> >>>>>>>
> >>>>>>> Meitham
> >>>>>>>   
> >>>
>

Top of Message | Previous Page | Permalink

JiscMail Tools


RSS Feeds and Sharing


Advanced Options


Archives

September 2017
May 2014
June 2013
April 2013
November 2012
September 2012
July 2012
February 2012
November 2011
October 2011
September 2011
June 2011
May 2011
April 2011
March 2011
February 2011
November 2010
October 2010
August 2010
July 2010
April 2010
March 2010
February 2010
January 2010
December 2009
October 2009
August 2009
June 2009
March 2009
February 2009
January 2009
November 2008
October 2008
May 2008
April 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
May 2007
March 2007
February 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006


JiscMail is a Jisc service.

View our service policies at https://www.jiscmail.ac.uk/policyandsecurity/ and Jisc's privacy policy at https://www.jisc.ac.uk/website/privacy-notice

Secured by F-Secure Anti-Virus CataList Email List Search Powered by the LISTSERV Email List Manager