Skip to main content

Home/ SoftwareEngineering/ Group items tagged resources

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

UML tools for software development and Modelling - Enterprise Architect Full Lifecycle ... - 0 views

www.sparxsystems.com/...index.html

enterprisearchitect tutorial documentation

shared by kuni katsuya on 27 Jun 12 - No Cached
  • EA User Guide (pdf)
  • Reference Booklets
  • Enterprise Architect Online Help
  • ...8 more annotations...
  • Tutorials All Tutorials UML Tutorials UML 2.1 Tutorial UML Tutorial - Part 1 Intro UML Tutorial - Part 2 Intro The Business Process Model The Component Model The Dynamic Model The Logical Model The Physical Model The Use Case Model UML Database Modeling Enterprise Architect Tutorials Creating Strategic Models Diagram Filters BPEL: Step by Step Guide Resource Management Testing Management Traceability RTF Documentation Use Case Metrics Structured Use Case Scenarios
  • Video Demonstrations All Videos Getting Started Requirements Management Modeling & Productivity Tools Code Engineering and the Debug Workbench Version Control Integration (Eclipse, Visual Studio, TFS)
  • UML Tutorial - Structure UML Tutorial - Behavior The Business Process Model Deployment of EA MDA Overview Rich-Text (RTF) Reporting Version Control Integration Requirements Management
  • White Papers & E-Books
  • Roles Business Analyst Database Administrator Deployment & Rollout Developer Project Manager Software Architects Software Engineer Technology Developer Testers
  • Solutions
  • MDG Technologies MDG Technologies EJB Technology.xml Testing Technology.xml
  • UML Profiles & Patterns UML Patterns UML Patterns Create UML Patterns Import UML Patterns Use UML Patterns UML Profiles UML Profiles: Introduction UML Profile for SPEM XML Schema (XSD) Generation Web Modeling Profile Eriksson-Penker Business Extensions Open Distributed Processing (UML4ODP)
kuni katsuya

Enterprise Architect - Product Demonstrations - 0 views

www.sparxsystems.com/...index.html

enterprisearchitect overview video

shared by kuni katsuya on 27 Jun 12 - Cached
  • Part 2 Subversion Setting up a Subversion repository for use with Enterprise Architect models.
  • Part 4 Configure & Connect Configuring Enterprise Architect and connecting to your Version Control system.
  • Part 5 Controlled Packages Working with version controlled UML packages in Enterprise Architect.
  • ...19 more annotations...
  • Eclipse A tour of MDG Integration for Eclipse.
  • Baseline Diagram Comparison Conduct a visual diagram comparison between your current diagram and a previous baseline .
  • Personal Information Window See how the Personal Information Window in Enterprise Architect can help you organize your daily tasks and workflow.
  • Working Sets As you perform work on your model, you open various windows, diagrams and views. Working Sets allow you to return to these same views in a later work session.
  • Business Rules A car rental system is used to illustrate how to generate executable business rules using Enterprise Architect.
  • Menu Customization Quickly and easily suppress individual menu items or entire categories of commands to create custom menu layouts.
  • Floating and Dockable Windows Save the position and layout of Floating and Dockable Windows using a Working Set in the Personal Information Window.
  • Build and Debug a Java Application Set up Enterprise Architect to build and debug a Java Application, using a VEA sample project.
  • Sequence Diagrams Learn how to create a simple Sequence diagram. The video also illustrates how to bring your Sequence diagram to life using model simulation.
  • HTML Report Generation This brief introduction illustrates how to automatically generate a HTML Report using Enterprise Architect.
  • Basic Use Case Demonstration A guide to constructing a Use Case model in under 30 seconds, including use cases, notes and issues.
  • Traceability within Enterprise Architect This video examines Traceability and discusses how to use Enterprise Architect to conduct an Impact Analysis.
  • Requirements Reporting A brief overview of requirements reporting in Enterprise Architect. Topics include document generation in web and RTF formats, report customization and virtual documents, including Model and Master documents.
  • Requirements Traceability An examination of requirements traceability in Enterprise Architect. Topics include traceability views, tracing to external artifacts, conducting an impact analysis, viewing the Relationship Matrix and using Enterprise Architect's Auditing capabilities.
  • Requirements Modeling A brief overview of requirements modeling in Enterprise Architect. Topics include requirements capture and definition, custom properties, tabular editing, auto-naming and screen prototypes.
  • Installing EA An introductory walk through and discussion of Enterprise Architect in the Software Development Lifecycle.
  • Enterprise Architect 7.5 Overview An overview of Enterprise Architect features released with version 7.5.
  • Introduction to Enterprise Architect An introductory walk through and discussion of Enterprise Architect in the Software Development Lifecycle.
  • Brief Overview The 10 minute guide to Enterprise Architect, from Requirements Management and Business Process Modeling to MDA and Code Engineering.
kuni katsuya

schuchert - JPA Tutorial 4 - Inheritance and Polymorphic Queries - 0 views

schuchert.wikispaces.com/itance+and+Polymorphic+Queries

JPA inheritance PolymorphicQueries

shared by kuni katsuya on 28 Sep 12 - No Cached
  • JPA Tutorial 4 - Inheritance and Polymorphic Queries
  • Books and Dvd's, both of which inherit from Resource
  • When we search for a Resource we might get back Books, Dvd's, or both
  • ...12 more annotations...
  • queries polymorphic
  • Introduce the Resource class
  • new type, Dvd
  • What happens when you perform a query on a type that has subclasses?
  • It turns out support for inheritance in queries (as well as JPA) is built in
  • do not actually need to do anything other than have one entity inherit from another entity to get everything to work
  • book entity inherit from the Resource entity
  • Introduce a new entity type called Resource
  • Change the BookDao to be a ResourceDao
  • Update the methods returning Book and have them instead return Resource
  • Update all references to Book and replace them with Resource
  • Change the bookId to resourceId
kuni katsuya

Java Authorization Guide | Apache Shiro - 0 views

shiro.apache.org/java-authorization-guide.html

Shiro authorization documentation

shared by kuni katsuya on 09 Aug 12 - No Cached
  • Java Authorization Guide with Apache Shiro
  • Levels of permission granularity
  • specify an actions (open, read, delete, etc)
  • ...18 more annotations...
  • resource (door, file, customer record, etc)
  • define a permission to any depth
  • Resource Level
  • Instance Level
  • Attribute Level
  • instance of a resource
  • attribute of an instance or resource
  • Permissions Defined
  • Permissions represent what can be done in your application
  • A well formed permission describes a resource types and what actions are possible when you interact with those resources
  • Roles Defined
  • Roles are effectively a collection of permissions
  • Explicit Roles
  • An explicit role has permissions explicitly assigned to it and therefore is an explicit collection of permissions
  • Implicit Roles
    • kuni katsuya
      kuni katsuya on 24 Aug 12
       
      do not use!!!
  • Annotation Authorization
  • @RequiresPermissions(“account:create”)‏
  • Permission Check
kuni katsuya

Enterprise Architect - XML Schema Generation - 0 views

www.sparxsystems.com/...xml_schema_generation.html

enterprisearchitect xml schema xsd generation

shared by kuni katsuya on 27 Jun 12 - No Cached
  • XML Schema Generation
  • The XSD Generation facility converts a UML class model to a W3C XML Schema (XSD). This allows Data Modelers to start working at a conceptual level in UML, leaving the tedious aspects of XSD creation to EA. The schema generation can then be customized if necessar
  • To use the schema generation facility you will require the following:
  • ...2 more annotations...
  • XSDDataTypes Package: This package contains classes representing XSD primitive data types. This package is available as an XMI file. To import the file as a UML Package, use EA's XMI import facility which is available from the menu item: Project | Import/Export | Import Package from XMI. UML Profile for XML: This resource file contains the stereotyped classes which allow the schema generation to be customized. The UML Profile for XML can be imported into a model using the Resource View (see Importing Profiles for details on importing UML profiles into EA).
  • Steps to Generate XSD: Select the package to be converted to XSD by right-clicking on the package in the Project Browser. Select Project | Generate XML Schema from the main menu. Set the desired output file using the Filename field. Set the desired xml encoding using the Encoding field. Click on the Generate button to generate the schema. The progress of the schema generator will be shown in the Progress edit box.
kuni katsuya

Data Source Configuration in AS 7 | JBoss AS 7 | JBoss Community - 0 views

community.jboss.org/...DataSourceConfigurationinAS7

jbossas7 datasource configuration jdbc

shared by kuni katsuya on 11 Jul 12 - No Cached
  • Data Source Configuration in AS 7
  • Using @DataSourceDefinition to configure a DataSource
  • This annotation requires that a data source implementation class (generally from a JDBC driver JAR) be present on the class path (either by including it in your application, or deploying it as a top-level JAR and referring to it via MANIFEST.MF's Class-Path attribute) and be named explicitly.
  • ...21 more annotations...
  • this annotation bypasses the management layer and as such it is recommended only for development and testing purposes
  • Defining a Managed DataSource
  • Installing a JDBC driver as a deployment
  • Installing the JDBC Driver
  • deployment or as a core module
  • managed by the application server (and thus take advantage of the management and connection pooling facilities it provides), you must perform two tasks.  First, you must make the JDBC driver available to the application server; then you can configure the data source itself.  Once you have performed these tasks you can use the data source via standard JNDI injection.
  • recommended way to install a JDBC driver into the application server is to simply deploy it as a regular JAR deployment.  The reason for this is that when you run your application server in domain mode, deployments are automatically propagated to all servers to which the deployment applies; thus distribution of the driver JAR is one less thing for administrators to worry about.
  • Note on MySQL driver and JDBC Type 4 compliance: while the MySQL driver (at least up to 5.1.18) is designed to be a Type 4 driver, its jdbcCompliant() method always return false. The reason is that the driver does not pass SQL 92 full compliance tests, says MySQL. Thus, you will need to install the MySQL JDBC driver as a module (see below).
  • Installing a JDBC driver as a module
  • <module xmlns="urn:jboss:module:1.0" name="com.mysql">  <resources>    <resource-root path="mysql-connector-java-5.1.15.jar"/>  </resources>  <dependencies>    <module name="javax.api"/>  </dependencies></module>
  • jboss-7.0.0.<release>/modules/com/mysql/main
  • define your module with a module.xml file, and the actual jar file that contains your database driver
  • content of the module.xml file
  • Under the root directory of the application server, is a directory called modules
  • module name, which in this example is com.mysql
  • where the implementation is, which is the resource-root tag with the path element
  • define any dependencies you might have.  In this case, as the case with all JDBC data sources, we would be dependent on the Java JDBC API's, which in this case in defined in another module called javax.api, which you can find under modules/javax/api/main as you would expect.
  • Defining the DataSource itself
  •    <datasource jndi-name="java:jboss/datasources/MySqlDS" pool-name="MySqlDS">      <connection-url>jdbc:mysql://localhost:3306/EJB3</connection-url>         <driver>com.mysql</driver>
  •     <drivers>      <driver name="com.mysql" module="com.mysql">        <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>      </driver>    </drivers>
  • jboss-7.0.0.<release>/domain/configuration/domain.xml or jboss-7.0.0.<release>/standalone/configuration/standalone.xml
kuni katsuya

MySQL & Apache Derby as jdbcRealm for Apache Shiro | Nabil Hachicha - 0 views

nhachicha.wordpress.com/...-as-jdbcrealm-for-apache-shiro

ApacheShiro JdbcRealm example MySQL

shared by kuni katsuya on 03 Sep 12 - No Cached
  • http://localhost:8080/ShiroDemo/auth/secured.jsp
  • MySQL & Apache Derby as jdbcRealm for Apache Shiro
  • Step 1 creating a simple WebApp
  • ...36 more annotations...
  • Step 2 securing some content
  • create a database that will hold the list of the authorized users along with their password
  • Create a new directory “auth” and add a new JSP under it, let’s call it “BackOffice.jsp“
    • kuni katsuya
      kuni katsuya on 03 Sep 12
       
      create directory 'auth' under webapps directory
  • enable Shiro into our project by adding a ServletFilter into our Web.xml
  •  <filter-class>05            org.apache.shiro.web.servlet.IniShiroFilter06        </filter-class>
  • 10    <filter-mapping>11         <filter-name>ShiroFilter</filter-name>12         <url-pattern>/*</url-pattern>13    </filter-mapping>
  • classpath:shiro.ini
  • shiro-core
  • shiro-web
  • create shiro.ini under resource dir
  • 07ds.jdbcUrl=jdbc:derby://localhost:1527/shiro_schema08ds.username = APP09ds.password = APP
  • 15/auth/** = authcBasic16/** = anon
  • jdbcRealm.authenticationQuery
  • jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
  • setup the jdbc realm, this is where Shiro will find the authorized users
  • map the URLs to be protected, all the url under /auth should be authenticated with basic HTTP authentication
  • All the other URLs should be accessed without authentication
  • Add a new directory under src let’s call it production we will create a new shiro configuration file compatible with MySQL
    • kuni katsuya
      kuni katsuya on 03 Sep 12
       
      create src/production/resources/shiro.ini with contents below
  • 06ds.serverName = localhost07ds.user = ADM08ds.password = secret12309ds.databaseName = shiro_schema
  • jdbcRealm which use a MySQL driver
  • jdbcRealm.dataSource = $ds
  • jdbcRealm.dataSource=$ds
  • added the appropriate dependency to maven pom.xml
  • mysql-connector-java
  • environment.type
  • staging
  • 13                <jdbc.user>APP</jdbc.user>14                <jdbc.passwd>APP</jdbc.passwd>15                <jdbc.url>jdbc:derby://localhost:1527/shiro_schema</jdbc.url>16                <jdbc.driver>org.apache.derby.jdbc.ClientDriver</jdbc.driver>
  • src/main/resources
  • derbyclient
  • production
  • environment.type
  • 45                <jdbc.user>ADM</jdbc.user>46                <jdbc.passwd>secret123</jdbc.passwd>47                <jdbc.ds>com.mysql.jdbc.jdbc2.optional.MysqlDataSource</jdbc.ds>48                <jdbc.serverName>localhost</jdbc.serverName>49                <jdbc.databaseName>shiro_schema</jdbc.databaseName>
  • src/production/resources
  • To build and run for staging
  • To build for production
  • -Denvironment.type=prod
kuni katsuya

Sparx Systems - Resources - Developers - UML Profiles - 0 views

www.sparxsystems.com/...uml_profiles.html

enterprisearchitect Uml UmlProfiles

shared by kuni katsuya on 04 Sep 12 - Cached
  • Resources View
    • kuni katsuya
      kuni katsuya on 04 Sep 12
       
      view > more project tools > project resources
kuni katsuya

Enterprise Architect - Resources - Model Driven Generation (MDG) Technologies - 0 views

www.sparxsystems.com/...mdg_tech

enterprisearchitect mdg

shared by kuni katsuya on 27 Jun 12 - No Cached
  • Model Driven Generation (MDG) Technologies
  • MDG Technologies allow users to extend Enterprise Architect's modeling capabilities to specific domains and notations. MDG Technologies seamlessly plug into Enterprise Architect to provide additional toolboxes, UML profiles, patterns, templates and other modeling resources.
  • Free MDG Technology downloads for Enterprise Architect:
  • ...12 more annotations...
  • EJB MDG Technology for Enterprise Java Beans allows the user to model EJB entities and EJB sessions, complete with UML profiles for modeling EJB, EJB patterns and Code Management. (requires Enterprise Architect 4.1 or later)
  • ICONIX AGILE DDT ICONIX Agile Developer - Design-Driven Testing (DDT) streamlines the ICONIX modeling process, providing: Convenient modeling of robustness diagrams Automatic generation of sequence diagram structures from robustness diagrams Transformation of robustness control elements to test diagrams Transformation of sequence diagram elements to test diagrams Transformation of requirement diagrams to test diagrams Transformation between test cases and test classes. (JUnit & NUnit) Built-in model validation rules for ICONIX robustness diagrams (requires Enterprise Architect 7.5 or later)
  • Testing MDG Technology for Testing helps users to rapidly model a wide range of testing procedures including component testing, SUT, Test Cases and more. (requires Enterprise Architect 4.1 or later)
  • Instructions for loading an MDG Technology EXE file: Download and run the .exe file to install the MDG technology. Open Enterprise Architect. Select from the Main Menu Add-Ins | XYZ Technology | Load.
  • Built-in MDG Technologies: Most of the MDG Technologies provided by Sparx Systems are built into Enterprise Architect directly. Depending on your edition of Enterprise Architect, some or all of the following MDG Technologies will be available:
  • Gang of Four Patterns
  • Mind Mapping
  • Web Modeling
  • Data Flow (DFD)
  • Entity-Relationship (ERD)
  • Business Rule Model
  • BPMN™
kuni katsuya

Access control - Wikipedia, the free encyclopedia - 0 views

en.wikipedia.org/...Access_control

security models authentication authorization

shared by kuni katsuya on 31 Aug 12 - No Cached
  • Computer security
  • authentication, authorization and audit
  • In any access control model, the entities that can perform actions in the system are called subjects, and the entities representing resources to which access may need to be controlled are called objects
  • ...39 more annotations...
  • Principle of least privilege
  • object-capability model, any software entity can potentially act as both a subject and object
  • Access control models used by current systems tend to fall into one of two classes:
  • those based on capabilities
  • those based on access control lists (ACLs)
  • Both capability-based and ACL-based models have mechanisms to allow access rights to be granted to all members of a group of subjects (often the group is itself modeled as a subject)
  • identification and authentication determine who can log on to a system, and the association of users with the software subjects that they are able to control as a result of logging in; authorization determines what a subject can do; accountability identifies what a subject (or all subjects associated with a user) did.
  • Authorization determines what a subject can do on the system
  • Authorization
  • Access control models
  • categorized as either discretionary or non-discretionary
  • three most widely recognized models are
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Role Based Access Control (RBAC)
  • Attribute-based access control
  • Discretionary access control
  • Discretionary access control (DAC) is a policy determined by the owner of an object. The owner decides who is allowed to access the object and what privileges they have.
  • Every object in the system has an owner
  • access policy for an object is determined by its owner
  • DAC systems, each object's initial owner is the subject that caused it to be created
  • Mandatory access control
  • Mandatory access control refers to allowing access to a resource
  • if and only if rules exist
  • that allow a given user to access the resource
  • Management is often simplified (over what can be required) if the information can be protected using
  • hierarchical access control
  • or by implementing sensitivity labels.
  • Sensitivity labels
  • A subject's sensitivity label specifies its
  • level of trust
  • level of trust required for access
  • subject must have a sensitivity level equal to or higher than the requested object
  • Role-based access control
  • Role-based access control (RBAC) is an
  • access policy
  • determined by the system
  • not the owner
  • Access control
kuni katsuya

The New RBAC: Resource-Based Access Control | Stormpath - 0 views

www.stormpath.com/...-resource-based-access-control

RBAC Shiro authorization

shared by kuni katsuya on 07 Aug 12 - No Cached
kuni katsuya

Security Module Drafts - Apache DeltaSpike - Apache Software Foundation - 0 views

cwiki.apache.org/...Security+Module+Drafts

ApacheDeltaSpike

shared by kuni katsuya on 16 Aug 12 - No Cached
  • Authorization
  • Impersonalization
    • kuni katsuya
      kuni katsuya on 16 Aug 12
       
      impersonation
  • authenticates “as a user” or access application imitating his identity - without knowing his password
  • ...36 more annotations...
  • elements of the user interface are displayed to the user based on the user's privilege level
  • assign permissions to individual objects within the application’s business domain
    • kuni katsuya
      kuni katsuya on 16 Aug 12
       
      individual objects == instances
  • Permissions
  • Permissions assigned to user for a given resource in the tree are inherited by other resources
  • Permissions are inherited
  • persist user, group and role information in database. JPA implementation is his dream
  • Security Module Drafts
  • Identity
  • interface Identity
  • login()
  • logout()
  • getUser()
  • Events LoggedInEvent LoginFailedEvent AlreadyLoggedInEvent PreLoggedOutEvent PostLoggedOutEvent PreAuthenticateEvent PostAuthenticateEvent
  • Object level permission
  • Grant or revoke permissions
  • Group management
  • User/Identity management
  • identity.hasRole
  • identity.hasPermission
  • Permissions model
  • Identity Management (IDM)
  • User, Group and Role
  • Events
  • hooks for common IDM or Security operations
  • Audit and logging for permission and IDM related changes
  • Event API.
  • Impersonalization
  • Impersonalization
  • control which elements of the user interface are displayed to the user based on their assigned permissions
  • ask for permission
  • without need to obtain object from DB
  • String resourceId
  • structure of resources
  • more advanced security resolution mechanisms
  • Rules based engine
  • external services - XACML
kuni katsuya

DataSource configuration - JBoss AS 7.1 - Project Documentation Editor - 0 views

docs.jboss.org/...DataSource+configuration

jbossas7 data source configuration cli

shared by kuni katsuya on 22 Jun 12 - No Cached
  • /subsystem=datasources:read-resource(recursive=true)
  • /subsystem=datasources:installed-drivers-list
  • DataSource configuration
  • kuni katsuya on 22 Jun 12
     
    /subsystem=datasources:read-resource(recursive=true)
kuni katsuya

Logging Cheat Sheet - OWASP - 0 views

www.owasp.org/...Logging_Cheat_Sheet

OWASP logging BestPractices CheatSheet

shared by kuni katsuya on 21 Sep 12 - No Cached
  • Legal and other opt-ins
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      terms & conditions acceptance, license transfers, etc
  • Data changes
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      all changes to domain objects
  • Event attributes
  • ...35 more annotations...
  • Log date and time
  • Event date and time
  • Application identifier
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      eg. service type
  • Application address
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      eg. service instance
  • User identity
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      ie. subject
  • Type of event
  • Severity of event
  • Description
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      eg. event message text
  • Action
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      eg. action performed on managed resource (eg. 'update' action on resource 'hotel')
  • original intended purpose of the request
  • Object
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      eg. managed resource being accessed
  • affected component
  • Result status
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      boolean was_successful
  • Reason
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      include in event message text
  • Extended details
  • Data to exclude
  • Access tokens
  • Session identification values
  • Sensitive personal data
  • passwords
  • Database connection strings
  • Encryption keys
  • payment
  • Information a user has opted out of collection
  • Synchronize time across all servers and devices
  • Input validation failures
  • Which events to log
  • proportional to the information security risks
  • Always log:
  • Authentication successes and failures
  • Authorization failures
  • Session management failures
  • Application errors and system events
  • Application and related systems start-ups and shut-downs
  • Use of higher-risk functionality
kuni katsuya

TH01-EP03-US004 - Property Mgmt, Edit Location & Directions, Content Mgmt - Projects - ... - 0 views

confluence.visualfrenzy.com/...viewpage.action

shared by kuni katsuya on 06 Dec 12 - No Cached
  • Property Mgmt
  • Property Mgmt
  • Property Mgmt
  • ...18 more annotations...
  • Property Mgmt
  • Property Mgmt
  • Property Mgmt
  • As a user
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      with what granted roles? from which organization?
  • ability to see
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      permissions required: retrieve these resource types
  • Location Type
  • Description
  • Airports
  • belonging to other organizations
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      content (license) owned by organization different than user's
  • clone this information
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      clone = retrieve, then create ie. required permissions: {retrieve,create:}
  • have the rights
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      generally speaking, there can be a few independent but overlapping mechanism that will control who is allowed to do what with content: 1. any subject's access to the content itself can be controlled via authorization rules (ie. required vs granted permissions) enforced via system-wide resource-based access control 2. content licensors (~content owners) can restrict the usage of their content by: * whom - ie. content licensee (legally/commercially represented by an organization) * how - eg. reuse as unmodified, create derivatives, composite, redistribute, etc * where - ie. distribution channels their content can be used (eg. only on hotel's vbrochure site, but not in any ids/gds channels) * when - temporal restrictions may limit scope of content license grant by: start, end, duration, season, etc 3. content licensees can further filter or funnel content available to them (resulting from a combination of license granted to them and access control) based on their own criteria (eg. generate a templated hotel presentation only if: at least 1 textual description, 5 photos and 1 video for a hotel is available with a license to combine them (composite content)
  • see how other organizations describe the property
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      permission required: retrieve hotel descriptive content(?) owned by independent organization
  • Property Mgmt
  • which textual information
  • displayed
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      displayed where? on specific channels?
  • ECM will ask user to confirm that the user has rights to use that content
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      if ecm/vfml is to manage content licensing as a third party between organizations (content licensors & licensees) shouldn't ecm *know* if the user('s organization) has rights to use the content in question? is this question posed to the user (with required explicit acknowledgement) purely to absolve vfml from liability issues that may result from licensing disagreements?
  • property’s
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      this being the user's (organization's) 'version'or 'view'of the hotel, since this user normally wouldn't/shouldn't be granted permissions to replace content for a hotel on a different organization's 'view'or 'version' of the same hotel
  • to see the user’s original content
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      this implies that *at least* one version of such (temporarily) replaceable content needs to be managed/maintaned to allow reverting what if, deliberately, ignorantly or maliciously, a user replaces the same piece of--textual or any type, really--content for this hotel n times? will all n versions be required to be managed as an undo history? the user's ''original content'' might have been version 1, but equally might have been 1 mean: - previous version of the content, regardless of which user - initial version of that content attached to the hotel regardless of which user created/updated it and ignoring which organization owns it?, or, -
kuni katsuya

WildcardPermission (Apache Shiro 1.2.1 API) - 0 views

shiro.apache.org/...WildcardPermission.html

ApacheShiro permission

shared by kuni katsuya on 29 Aug 12 - No Cached
  • first token is the
  • domain
  • second token is the
  • ...7 more annotations...
  • action b
  • eing performed
  • boolean implies(Permission p)
  • Returns true if this current instance
  • implies all the functionality and/or resource access described by the specified Permission argument
  • false otherwise
  • current instance must be exactly equal to or a superset of the functionalty and/or resource access described by the given Permission argument
  • kuni katsuya on 29 Aug 12
     
    "first token is the"
kuni katsuya

Principle of least privilege - Wikipedia, the free encyclopedia - 0 views

en.wikipedia.org/...Principle_of_least_privilege

security models LeastPrivilege authorization

shared by kuni katsuya on 31 Aug 12 - Cached
  • Principle of least privilege
  • requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user or a program depending on the subject) must be able to
  • access only the information and resources that are necessary for its legitimate purpose
1 - 20 of 58 Next › Last »
Showing 20 items per page