tags:

views:

247

answers:

1

The roadmap for OpenSSO said entitlements would be out in summer '09. Does anyone know whether it will be able to solve data-level security, for example "userA can only enter <500 in this field on the screen" or "userA can see only these values in the dropdown"?
How is this implemented in organisations: does each app control the data-level security, or are there some that have an enterprise repository for it?
Thanks

+1  A: 

Hi Neena - yes, this is exactly the kind of problem that OpenSSO Entitlements are designed to solve. I did a demo at JavaOne last week that showed a demo mobile phone account management system with three policies:

  1. Each phone user can read their own permissions (e.g. can download music/video) and call log.
  2. The account holder can read and write the permissions of all phones on the account, and can see the call logs for all phones on the account.
  3. The account holder can read and write account-wide data (e.g. billing address).

I'll be posting the source code to the demo and explaining how to deploy it on my blog.

To answer the second part of your question, there is an enterprise repository for policy, but it is enforced on an app-by-app basis. In the demo, most enforcement is done by a servlet filter which makes entitlement calls for each requested URL. This worked well, since we used RESTful web services that express the requested resource in the URL. In one spot we made an explicit policy call since the URL pattern did not correspond to the policy - the client could navigate to the account resource via the phone URL. I expect I could have constructed another policy to handle this, but I actually wanted to show an explicit entitlement call.

metadaddy
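The enforcement pattern the answer describes, as an added example that is not part of the original post and does not use OpenSSO's API: a central policy decision point holding the three demo policies, a servlet-filter-style enforcement point that maps each requested URL to a resource and action, and one explicit entitlement call for the route where the URL pattern (a phone URL) does not correspond to the object actually returned (the account). The account and phone data, the route table, and all function names are assumptions made up for this model.

```python
"""Model of URL-based entitlement enforcement (PDP + PEP split).

Hypothetical data, routes and names; not OpenSSO's API."""
import re

# Constructed sample data: accounts, their holder, and which user uses each phone.
ACCOUNTS = {
    "acct-1": {"holder": "alice", "phones": {"5550100": "alice", "5550101": "bob"}},
    "acct-2": {"holder": "carol", "phones": {"5550200": "carol"}},
}
ACCOUNT_DATA = {
    "acct-1": {"billing_address": "1 Main St"},
    "acct-2": {"billing_address": "2 High St"},
}


def account_of_phone(phone):
    """Return the account id a phone belongs to, or None."""
    for acct_id, acct in ACCOUNTS.items():
        if phone in acct["phones"]:
            return acct_id
    return None


# ---- Policy decision point: the enterprise policy store (three policies) ----
def is_permitted(user, resource, action):
    """resource is ('phone', number, part) or ('account', acct_id);
    action is 'read' or 'write'. Anything not explicitly granted is denied."""
    if resource[0] == "phone":
        _, phone, part = resource
        acct_id = account_of_phone(phone)
        if acct_id is None:
            return False
        acct = ACCOUNTS[acct_id]
        # Policy 1: a phone user may read their own permissions and call log.
        if acct["phones"][phone] == user and action == "read":
            return True
        # Policy 2: the account holder may read and write the permissions of
        # every phone on the account, and read every phone's call log.
        if acct["holder"] == user:
            return part == "permissions" or action == "read"
        return False
    if resource[0] == "account":
        _, acct_id = resource
        # Policy 3: the account holder may read and write account-wide data.
        acct = ACCOUNTS.get(acct_id)
        return acct is not None and acct["holder"] == user
    return False


# ---- Enforcement point: a servlet-filter-style check keyed on the URL ----
ROUTES = [
    (re.compile(r"^/phones/(\d+)/(permissions|calllog)$"),
     lambda m: ("phone", m.group(1), m.group(2))),
    (re.compile(r"^/accounts/([\w-]+)$"),
     lambda m: ("account", m.group(1))),
    # Navigating to the account via the phone URL: the pattern looks like a
    # phone sub-resource, so this is all the filter can check on its own.
    (re.compile(r"^/phones/(\d+)/account$"),
     lambda m: ("phone", m.group(1), "account")),
]
ACTIONS = {"GET": "read", "HEAD": "read", "PUT": "write", "POST": "write", "DELETE": "write"}


def entitlement_filter(user, method, path):
    """URL-level check run before every handler. Unknown methods or URLs
    fail closed rather than falling through to the handler."""
    action = ACTIONS.get(method)
    if action is None:
        return False
    for pattern, to_resource in ROUTES:
        m = pattern.match(path)
        if m:
            return is_permitted(user, to_resource(m), action)
    return False


def handle(user, method, path):
    """Dispatch a request: (status, body). Runs the filter first, then the
    one explicit entitlement call for the phone-to-account navigation."""
    if not entitlement_filter(user, method, path):
        return 403, None
    m = re.match(r"^/phones/(\d+)/account$", path)
    if m:
        acct_id = account_of_phone(m.group(1))
        # The URL check only proved access to the phone; the object being
        # returned is the account, so ask the PDP about that resource too.
        if not is_permitted(user, ("account", acct_id), ACTIONS[method]):
            return 403, None
        return 200, ACCOUNT_DATA[acct_id]
    return 200, "ok"


if __name__ == "__main__":
    # bob is a phone user, not the holder: the phone URL passes the filter,
    # but the explicit account check stops him reading the billing address.
    print(handle("bob", "GET", "/phones/5550101/account"))     # (403, None)
    print(handle("alice", "GET", "/phones/5550100/account"))   # (200, {...})
```

The point of the last route is the caveat a practitioner should take from the answer: a URL-keyed filter is only as good as the correspondence between URL patterns and the resources behind them. Wherever a handler returns something other than what the URL names, the check has to be made on the real resource, and unmatched URLs should deny rather than pass through.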