Yesterday, I checked in the last piece of functionality to complete the first pass at the RESTful interface of the authorization service in CollectionSpace. There is a short description of these APIs on the wiki. Yes, I am aware of the confusion behind the term authorization. I have described the terms used on the wiki.
- Role
- Permission
- Role - Permission relationship (available from Permission service, /permissions/{id}/permroles)
- Account - Role relationship (available from Account service, /accounts/{id}/accountroles)
Indeed, there is a separate web service for account management with its own RESTful interface. The CollectionSpace security runtime exposes APIs to enforce access control from the CollectionSpace services runtime and SPIs to plug in various providers. I will be using Spring Security ACLs as the underlying service provider.
More on the enforcement of the permissions in future entries. I will also write more about my experiences and the approaches I took in implementing relationships between RESTful resources, e.g. the relationship between Role and Permission.