Users can grant multiple identities read access to all
documents in their home directory.
Before you begin
Preconditions:
- John would like to share all documents in his directory with everyone
except hacker Sam (sip:sam.hacker@us.example.com).
In order for John to provide everyone read access except for
Sam, John must create an authorization policy document that complies
with the IETF common policy specification. The authorization policy
document must look like this to provide read access for everyone except
Sam.
<?xml version="1.0" encoding="UTF-8"?>
<ruleset xmlns="urn:ietf:params:xml:ns:common-policy">
  <rule id="read">
    <conditions>
      <identity>
        <many>
          <except id="sip:sam.hacker@us.example.com"/>
        </many>
      </identity>
    </conditions>
  </rule>
</ruleset>
The authorization policy document must be created with the
XCAP URI to a special directory.xml in John's
home directory with the access control list (ACL) AUID:
com.ibm.resource-lists-acls.
http://xdms.example.com:9080/services/com.ibm.resource-lists-acls/users/sip:john.doe@us.example.com/directory.xml
This defines the authorization policy document that grants everyone
(many) except Sam read access to any document stored in John's
home directory for the corresponding resource-lists AUID.
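The effect of the many/except condition can be checked before the document is put to the XDMS. The following is an added example, not IBM's code and not part of the original page: it evaluates the identity condition as the IETF common policy specification (RFC 4745) describes it. The function names and the second requester URI are hypothetical, and comparing URIs as exact strings is a simplifying assumption.

```python
import xml.etree.ElementTree as ET

NS = {"cp": "urn:ietf:params:xml:ns:common-policy"}

# The policy document from this page, embedded so the check runs offline.
POLICY = b"""<?xml version="1.0" encoding="UTF-8"?>
<ruleset xmlns="urn:ietf:params:xml:ns:common-policy">
  <rule id="read">
    <conditions><identity>
      <many><except id="sip:sam.hacker@us.example.com"/></many>
    </identity></conditions>
  </rule>
</ruleset>"""

def domain_of(uri):
    # Domain part of a user@domain URI, or None (assumption: no port or parameters).
    return uri.rsplit("@", 1)[1].lower() if "@" in uri else None

def identity_matches(identity_el, requester):
    """Evaluate one <identity> condition for an authenticated requester URI."""
    dom = domain_of(requester)
    for one in identity_el.findall("cp:one", NS):
        if one.get("id") == requester:  # exact string match (simplification)
            return True
    for many in identity_el.findall("cp:many", NS):
        # <many domain="..."> restricts the match to that domain.
        if many.get("domain") and many.get("domain").lower() != dom:
            continue
        excluded = any(
            ex.get("id") == requester or
            (ex.get("domain") is not None and ex.get("domain").lower() == dom)
            for ex in many.findall("cp:except", NS))
        if not excluded:
            return True
    return False

def rules_granted(policy_xml, requester):
    """Return the ids of rules whose identity condition matches the requester."""
    root = ET.fromstring(policy_xml)
    granted = []
    for rule in root.findall("cp:rule", NS):
        ident = rule.find("cp:conditions/cp:identity", NS)
        if ident is not None and identity_matches(ident, requester):
            granted.append(rule.get("id"))
    return granted

if __name__ == "__main__":
    # The second URI is a constructed sample requester.
    for who in ("sip:sam.hacker@us.example.com", "sip:jane.roe@us.example.com"):
        print(who, rules_granted(POLICY, who))
```

An empty list for Sam and the "read" rule for any other requester confirms that the document expresses the intended exclusion.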
Before using the XDMS client and XCAP requests, make sure that you have JDK
version 1.6.0 SR 3 installed
and configured in your system path variables.
About this task
Create or edit an XDM policy document and post it to the
XDMS.
- Reach the command client by typing the following from the
command line:
cd was_root/installableApps/xdms/client/
Note: was_root is
the installation root directory for
WebSphere® Application Server
Network Deployment.
By default, this directory is:
/usr/IBM/WebSphere/AppServer
/opt/IBM/WebSphere/AppServer
- Type the XCAP Put request.
./xcap_put.sh -user user_id -password password -filename file_name -content_type application/auth-policy+xml XCAP_URL
For example, to put the preceding example to
the XDMS server for xdms.example.com, type the following parameters
on a single line:
./xcap_put.sh -user sip:john.doe@us.example.com -password password -filename samples/AuthPolicyManyRead.xml -content_type application/auth-policy+xml http://xdms.example.com:9080/services/com.ibm.resource-lists-acls/users/sip:john.doe@us.example.com/directory.xml
- Press Enter to send the request. The new
policy document is put to the XDMS in the specified location – in
this case, for the XCAP URI that corresponds to the authorization
policy document that protects all documents in John's home directory.
What to do next
Policy documents can be retrieved or deleted using the XCAP
Get and XCAP Delete commands.