Author: buildbot Date: Wed May 15 15:26:59 2013 New Revision: 862076 Log: Staging update by buildbot for directory Added: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.2-definitions.html Removed: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.5.2-definitions.html Modified: websites/staging/directory/trunk/content/ (props changed) websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.1-introduction.html Propchange: websites/staging/directory/trunk/content/ ------------------------------------------------------------------------------ --- cms:source-revision (original) +++ cms:source-revision Wed May 15 15:26:59 2013 @@ -1 +1 @@ -1482895 +1482898 Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.1-introduction.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.1-introduction.html (original) +++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.1-introduction.html Wed May 15 15:26:59 2013 @@ -145,20 +145,28 @@ involves four components. The principle Items in a defined Area

Let's define the four components.

-

Users : -the set of entity being able to do some action. It can be every user, +

Users :

+
+

the set of entity being able to do some action. It can be every user, the entry owner, a list of users, members of a group or a selection in the DIT. Basically, a user is defined as an entry in the DIT.

-

Action : -Generally speaking, a grant or denial to do something, depending on the +

+

Action :

+
+

Generally speaking, a grant or denial to do something, depending on the selected item (read, delete, etc).

-

Items : -An item is an element of the DIT. It can be an Entry, an +

+

Items :

+
+

An item is an element of the DIT. It can be an Entry, an AttributeType, some AttributeValues. It can also define some constraints that will apply on the selected entries.

-

Area : -It defines the set of entries on which the defined ACI applies. It can +

+

Area :

+
+

It defines the set of entries on which the defined ACI applies. It can be the whole DIT, a part of the DIT, a selection of entries, an Entry.

+

We implement those elements using ACIs.

The following chapters will present you the system inside out.

Added: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.2-definitions.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.2-definitions.html (added) +++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.2-definitions.html Wed May 15 15:26:59 2013 @@ -0,0 +1,195 @@ + + + + + 4.2.2 Definitions — Apache Directory + + + + + + + + + + + + +
+ +
+
+ + + +
+
+ + + + + +

4.2.2 Definitions

+

ACI :

+
+

Access Control Information. The set of all the information which might +be relevant to an access control decision for a given subject.

+
+

ACDF :

+
+

Access Control Decision Function. It is the function used to decide +whether a particular subject has a particular access right by virtue of +applicable ACI items.

+
+

protected item :

+
+

A protected item is the element of directory information being +accessed. The protected items are entries, attributes, attribute values +and distinguished names. Access to each protected item can be separately +controlled through ACI.

+
+

subject :

+
+

The entity acting on the server. It can be a person, a program, ... It +aggregates the identity and the security related attributes (passwords, +ceritifcates...) for this entity.

+
+ + + + + +
+
+
+ +
+ + \ No newline at end of file