Resolution: Won't Fix
Affects Version/s: Fedora 3.5
Fix Version/s: None
Component/s: legacy - FeSL
Roadmap Theme: Security: Authorization
$FEDORA_HOME/server/config/config-melcoe-pep-mapping.xml specifies a mapping between the full set of API methods/action identifiers used for Fedora API operations and simplified versions of create, read, update, delete, admin.
Whilst this is useful for simplified authoring of policies, it has two deficiencies:
- The simplified values are presented using the same Action attribute ID as the standard Fedora Action attribute ID - which is misleading/confusing (these simplified values should be a separate attribute ID?)
- The original Fedora action IDs are not retained, making it difficult to write granular policies. For example it's not easy to distinguish between purging an object and purging a datastream, as the same action ID is supplied (in fact the only way currently is to look at the full resource ID and see if there's a datastream on the end, which is not very useful).
So the suggested action would be:
1) The simplified action IDs should be presented using a different action attribute ID
2) The original Fedora action IDs should be retained, for more granular-level policies
1) is a breaking change; any existing policies based on these simplified action IDs would break.
So a compromise would be to present both the fedora-original and FeSL-simplified action IDs using the same attribute ID, as the simplified values don't collide with the existing values.
Is translated by FeSL, and presented to the PDP as:
(note that the original, granular method-level value is not retained).
There is a kind of work-around currently, which is to amend the mappings back to their original values; but this means you lose the simplified attributes, so it is only a work-around for specific situations.
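The compromise described above, sketched as an added example that is not part of the original issue or of FeSL's code: the action attribute carries both the original method-level value and the simplified value, so an existing simplified policy still matches while a granular policy can tell an object purge from a datastream purge. The attribute ID, the mapping table and the rule format are constructed for illustration and are not copied from the FeSL configuration.

```python
# Constructed attribute ID and mapping; stand-ins for the PEP mapping file's contents.
ACTION_ATTR = "example:action:id"
SIMPLIFIED = {
    "purgeObject": "delete",
    "purgeDatastream": "delete",
    "getDatastreamDissemination": "read",
    "modifyDatastreamByValue": "update",
}


def check_no_collisions(mapping):
    """The compromise only works if no simplified value is also an original ID."""
    clash = set(mapping) & set(mapping.values())
    if clash:
        raise ValueError(f"simplified values collide with original IDs: {clash}")


def lossy_request(method):
    """Behaviour the issue describes: only the simplified value reaches the PDP."""
    return {ACTION_ATTR: {SIMPLIFIED[method]}}


def combined_request(method, mapping=SIMPLIFIED):
    """Proposed behaviour: one multi-valued attribute holding both values."""
    check_no_collisions(mapping)
    values = {method}                      # original, method-level ID is retained
    if method in mapping:
        values.add(mapping[method])        # simplified ID added alongside it
    return {ACTION_ATTR: values}


def decide(policy, request):
    """First-applicable evaluation: a rule matches if its value is in the bag."""
    for effect, action in policy:
        if action in request[ACTION_ATTR]:
            return effect
    return "NotApplicable"


# A policy written against simplified IDs, and one that needs method-level IDs.
LEGACY_POLICY = [("Permit", "delete")]
GRANULAR_POLICY = [("Deny", "purgeObject"), ("Permit", "purgeDatastream")]

if __name__ == "__main__":
    for m in ("purgeObject", "purgeDatastream"):
        print(m, decide(LEGACY_POLICY, combined_request(m)),
              decide(GRANULAR_POLICY, combined_request(m)),
              decide(GRANULAR_POLICY, lossy_request(m)))
```

With the simplified-only request, the granular policy never matches and the PDP's handling of a non-applicable decision determines the outcome, which is the gap the issue reports.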