IBM WebSphere XML Document Management Server, Version 7.0

Granting many identities read access to all documents in a directory

Users can grant multiple identities read access to all documents in their home directory.

Before you begin
Preconditions:
  1. John would like to share all documents in his directory with everyone except the hacker Sam (sip:sam.hacker@us.example.com).

To give everyone except Sam read access, John must create an authorization policy document that complies with the IETF common policy specification. The authorization policy document must look like this:

<?xml version="1.0" encoding="UTF-8"?>
<ruleset xmlns="urn:ietf:params:xml:ns:common-policy">
	<rule id="read">
		<conditions>
			<identity>
				<many>
					<except id="sip:sam.hacker@us.example.com"/>
				</many>
			</identity>
		</conditions>
	</rule>
</ruleset>

The authorization policy document must be created at the XCAP URI of a special directory.xml in John's home directory, under the access control list (ACL) AUID com.ibm.resource-lists-acls:
http://xdms.example.com:9080/services/com.ibm.resource-lists-acls/users/sip:john.doe@us.example.com/directory.xml

This defines the authorization policy document that grants everyone (many) except Sam read access to any document stored in John's home directory for the corresponding resource-lists AUID.
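The following added example (not part of the IBM documentation or the XDMS client) evaluates the identity condition of the policy above, so the effect of <many> with <except> can be checked before the document is put to the server. The function names are hypothetical, and it assumes exact string comparison of the id attribute and a plain user@host URI form.

```python
import xml.etree.ElementTree as ET

NS = {"cp": "urn:ietf:params:xml:ns:common-policy"}

# The policy document from this page, embedded so the example runs offline.
POLICY = b"""<?xml version="1.0" encoding="UTF-8"?>
<ruleset xmlns="urn:ietf:params:xml:ns:common-policy">
  <rule id="read"><conditions><identity>
    <many><except id="sip:sam.hacker@us.example.com"/></many>
  </identity></conditions></rule>
</ruleset>"""


def domain_of(uri):
    # Simplification (assumption): host part is everything after the last "@".
    return uri.rsplit("@", 1)[1].lower() if "@" in uri else None


def many_matches(many, uri):
    # <many> matches any authenticated identity, optionally limited to one
    # domain, unless an <except> child names that identity or its domain.
    scope = many.get("domain")
    if scope and domain_of(uri) != scope.lower():
        return False
    for exc in many.findall("cp:except", NS):
        if exc.get("id") == uri:  # assumption: exact string match on the URI
            return False
        if exc.get("domain") and domain_of(uri) == exc.get("domain").lower():
            return False
    return True


def matching_rules(policy_xml, uri):
    # Return the ids of rules whose <identity> condition matches the URI.
    # Only rules that carry an <identity> condition are evaluated here.
    hits = []
    for rule in ET.fromstring(policy_xml).findall("cp:rule", NS):
        ident = rule.find("cp:conditions/cp:identity", NS)
        if ident is None:
            continue
        one_ids = [o.get("id") for o in ident.findall("cp:one", NS)]
        if uri in one_ids or any(many_matches(m, uri)
                                 for m in ident.findall("cp:many", NS)):
            hits.append(rule.get("id"))
    return hits
```

Because the exception is matched on the identity URI itself, the rule applies to every other authenticated identity.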

Before using the XDMS client and XCAP requests, make sure that you have JDK version 1.6.0 SR 3 installed and configured in your system path variables.

About this task
Create or edit an XDM policy document and post it to the XDMS.
  1. Reach the command client by typing the following from the command line:
    cd was_root/installableApps/xdms/client/
    Note: was_root is the installation root directory for WebSphere® Application Server Network Deployment. By default, this directory is:
    • AIX /usr/IBM/WebSphere/AppServer
    • Linux /opt/IBM/WebSphere/AppServer
  2. Type the XCAP Put request.
    ./xcap_put.sh -user user_id -password password -filename file_name -content_type application/auth-policy+xml XCAP_URL
    For example, to put the preceding example to the XDMS server for xdms.example.com, type the following parameters on a single line:
    ./xcap_put.sh -user sip:john.doe@us.example.com -password password -filename samples/AuthPolicyManyRead.xml -content_type application/auth-policy+xml http://xdms.example.com:9080/services/com.ibm.resource-lists-acls/users/sip:john.doe@us.example.com/directory.xml
  3. Press Enter to send the request. The new policy document is put to the XDMS in the specified location – in this case, for the XCAP URI that corresponds to the authorization policy document that protects all documents in John's home directory.
What to do next
Policy documents can be retrieved or deleted using the XCAP Get and XCAP Delete commands.



(C) Copyright IBM Corporation 2009. All Rights Reserved.