Support for "restricted access" to "only a few" registry entries ?

[Computer Learning Inst <cl...@yahoo.com>]

Hi all,

We're building an enterprise-wide UDDI registry (using jUDDI v3.0.4).

Is there a way with jUDDI to support the following requirement?

Requirement:
Let us say we have 100 business entities and 100 services already available in jUDDI.  Now, out of 100 businesses, we want 80 businesses to be publicly available over an inquiry response, and 20 businesses to be private (accessible only to a few selected, previously identified, clients).  Similarly with services -- a few services can be queried for by only a select number of clients.

What features of jUDDI (v3.0.4) will be able to support the above requirement?  Which ones should we explore further or read into towards implementation?

Please suggest.  Thank you for your time.

RE: Support for "restricted access" to "only a few" registry entries ?

[Jeff Faath <jf...@apache.org>]

jUDDI follows the UDDI spec and unfortunately the spec does not define a
specific way to do this.

 

You can write your own "authenticator" and enable authentication on the
Inquiry API.  Read the docs on security and authentication for more details.
And there is a parameter in the properties file that enables authentication
on the Inquiry API.  However, this is an all or none proposition in that you
either allow access to the results or not (there is no internal way to
filter the results based on the user).

 

So, there are a couple ways I can see doing this with the current code base.

 

First, you can have two instances of jUDDI, one with your public data and
one with your private data and then use the security mechanism to allow or
deny access.

 

Second, you can wrap code around the jUDDI calls and use the UDDI data
structures to store your security restrictions.  So, if you had two kinds of
entities, say PUBLIC and PRIVATE, you could store that information in the
category bag of each entity.  Then, when your user makes an Inquiry call,
you would figure out what rights that user has and add the additional
criteria in the inquiry request.  For example, if it was a super user, you'd
add a category bag criteria to find services that are categorized as either
PUBLIC or PRIVATE (in addition to whatever other criteria they were
searching for).

 

-Jeff

 

From: Computer Learning Inst [mailto:cli_dc@yahoo.com] 
Sent: Wednesday, May 11, 2011 6:33 AM
To: kurt.stam@gmail.com
Cc: user@juddi.apache.org
Subject: Support for "restricted access" to "only a few" registry entries ?

 


Hi all,

We're building an enterprise-wide UDDI registry (using jUDDI v3.0.4).

Is there a way with jUDDI to support the following requirement?

Requirement:
Let us say we have 100 business entities and 100 services already available
in jUDDI.  Now, out of 100 businesses, we want 80 businesses to be publicly
available over an inquiry response, and 20 businesses to be private
(accessible only to a few selected, previously identified, clients).
Similarly with services -- a few services can be queried for by only a
select number of clients.

What features of jUDDI (v3.0.4) will be able to support the above
requirement?  Which ones should we explore further or read into towards
implementation?

Please suggest.  Thank you for your time.