[Date Prev][Date Next] [Chronological] [Thread] [Top]

I'm not just looking for a "best book"...

I'm developing a system that implements a bunch of transactions (in XML) and I
want the ability to grant users permission to use those transactions, and even
permission (or denial) to use certain elements within the transactions.

What I'm having trouble finding is any text that describes various scenarios
on how to do this.  There's a lot of discussion about adding users,
organizations, even devices.  What I need is some discussion (or monologue) on
how to setup applications, create objects that require authorization to use,
permit users individually, or in groups, to use those objects, and how an
application should best query a directory to determine if a user's attempted
operation should be allowed.  If the directory needs to be queried for each
transaction (let's assume it does) can the required yes/no be determined with
one call?  Two calls?

That's the kind of stuff I'm looking for.  Any recommendations?