
This wiki space contains archival documentation of Project Bamboo, April 2008 - March 2013.


Brief description

The Request Manager service provides APIs against a request made to BSP services.

Version

This page describes the Request Manager service API, v. 0.9.

To discover the version and other metadata about deployed service code that fulfills this API, please utilize the Service Catalog Service.

Overview and Definitions

The Request Manager service can be used to obtain policy decisions for a subject making a request for a specific resource. There are four possible policy responses:

  • Permit
  • Deny
  • Indeterminate
  • Not Applicable

BSP will only authorize Permit decisions; the other three will be denied.

The Request Manager service provides two APIs:

  • ROA API: Authorization decisions are based on a policy-driven process that takes into account rules previously established for the resource in question, the action requested, and a set of user data that includes identity, their attributes, and any group memberships. The Request Manager service takes actions and resources and returns authorization decisions based on passed or default user data.
  • SOA API: BSP services can make an OSGi call to obtain information about the current request as well as authorization decisions.

Assumptions

n/a

References

  • XACML 2.0
  • Codebase: ${REPOSITORY_ROOT}/platform-services/bsp/trunk/bsp/core-services/request-manager-service/

Known Issues

None

ROA Layer API

RESTful service method returning authorization decisions.

 

Base URLs

It is assumed in this documentation that no centrally-run instances of the Bamboo Services Platform will be running after the project ends on 31 March 2013. Therefore, base URLs are assumed to be on a developer's machine, localhost. The base URL with a port number assumes that the BSP is running unsecured; the URL without a port number assumes that security is enforced and Apache Web Server is intercepting and redirecting service calls. Please see the page Identity and Access Management - Authentication and Authorization for context, as well as links to installation and configuration instructions for secured instances of BSP.

Note that ONLY services at v0.9 or greater will run properly in a secured instance of the BSP.

Currently available base URLs:

 

 

Client Responsibilities in Requests to Secured BSP Web Services

This section of the Service API documentation describes a client application's responsibilities when making requests to secured Web Services hosted on the Bamboo Services Platform (including this service).

A secured instance of the Bamboo Services Platform (BSP) implies a significant set of installation and configuration tasks for which the operator of the BSP is responsible. These are described in overview on the wiki page Identity and Access Management - Authentication and Authorization, and in detail on pages linked from that one.

(1) A client must be configured as a Trusted Application if requests are to be treated other than as Anonymous

A client application – whether a web app or a simple testing client such as Firefox Poster or curl – may make requests anonymously or as a "Trusted Application." Only a Trusted Application may assert the identity of a user on behalf of whom the request is made, and scoped roles to be assigned to that user; Bamboo Services trust such clients to assert the identity and assigned roles only of users who have authenticated in the current session of application activity. (A special-case type of client application, termed an Innovation Licensed application, is trusted to assert the identity of and roles assigned to a fixed set of special-case users without those users having to authenticate in the current session.)

Configuration of client applications is described in detail on this wiki page: Configure Apache Web Server for Client Auth. It is assumed in #2, below, that this configuration has been performed.

(2) A Trusted client is expected to pass HTTP Request Headers to identify itself and an authenticated user

A client application that is Trusted in the security context of the Bamboo Trust Federation (cf. Identity and Access Management - Authentication and Authorization) must augment each request to a service hosted by a secured instance of the Bamboo Services Platform (BSP) with a set of HTTP headers, as follows:

  • X-Bamboo-AppID: A UUID that identifies the client research environment, application, tool, or service; this UUID is issued as part of the process of registering a trusted client in the Bamboo Trust Federation as described in overview on the page Identity and Access Management - Authentication and Authorization; and in detail with respect to physical establishment of trust on the page Configure Apache Web Server for Client Auth. The value of this header is linked to the X.509 certificate by which the application establishes an SSL connection to the BSP host in the registration process, and a match between this Application ID and the linked X.509 certificate is checked by the BSP on receipt of every request.

  • X-Bamboo-BPID: A UUID that identifies the logged-in user on whose behalf the request is being sent; this value, a Bamboo Person Identifier, or BPId, is obtained via a call to the Person Service that occurs between user login and any other service request. See the Read a BambooPersonId method of the Person Service API for details. [1]
  • X-Bamboo-Roles: A pipe-delimited (|) set of scoped roles asserted by the trusted client to belong to the logged-in user, of the form role@domain, which are to be evaluated as factors in the determination of whether the request satisfies policies (access restrictions) that apply to the requested resource. If a user is authenticated, the client is expected to include the role undefined@domain where domain identifies the organization that authenticated the user (example: undefined@google.com is a client app's assertion that the user authenticated to Google). This header is otherwise optional (depending on policies governing the requested resource that may require one or more scoped roles for access to be permitted). Example of multiple roles asserted in this header: roleA@domainOne.xxx|roleB@domainTwo [2]

[1] The value of X-Bamboo-BPID is set to the identifier for the application itself (X-Bamboo-AppID) when a client application calls the Person Service to create a new Bamboo Person Identifier; or to retrieve the BPId for a user based on the identifier of the IdP with which she has logged in and an SHA-256 hash of that IdP's user identifier for the logged-in person.

[2] Policies and policy evaluation are described on the page Authorization and Policy. Also see Conventions for representing Identity Providers in the Bamboo Trust Federation.
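
A sketch of the checks a receiving service could apply to the three headers described above, added here as an illustration and not taken from the BSP code base. The registry of AppID-to-certificate fingerprints, the fingerprint format, the accepted UUID and role character sets, and all function names are assumptions.

```python
import hmac
import re

# UUID with an optional urn:uuid: prefix (accepting both forms is an assumption).
UUID_RE = re.compile(
    r"(?:urn:uuid:)?[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.IGNORECASE
)
# role@domain; the permitted character set is an assumption, chosen so that
# "|", whitespace and CR/LF can never appear inside a single role.
ROLE_RE = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*")


class HeaderError(ValueError):
    """The identity headers are malformed or assert more than the client may."""


def normalize_uuid(value, header):
    """Validate a UUID header value and return it lower-cased without prefix."""
    if not UUID_RE.fullmatch(value):
        raise HeaderError(f"{header} is not a UUID")
    value = value.lower()
    return value[len("urn:uuid:"):] if value.startswith("urn:uuid:") else value


def parse_roles(raw):
    """Split a pipe-delimited X-Bamboo-Roles value into validated scoped roles."""
    if not raw:
        return []
    roles = raw.split("|")
    for role in roles:
        if not ROLE_RE.fullmatch(role):
            raise HeaderError(f"malformed scoped role {role!r}")
    return roles


def classify_request(headers, cert_fingerprint, registry):
    """Return the identity a request may be evaluated under.

    headers          -- mapping of HTTP header name to value
    cert_fingerprint -- fingerprint of the TLS client certificate, or None
    registry         -- hypothetical map of registered AppID -> fingerprint
    """
    h = {name.lower(): value for name, value in headers.items()}
    app_id = h.get("x-bamboo-appid")
    bpid = h.get("x-bamboo-bpid")
    roles = h.get("x-bamboo-roles")

    if app_id is None:
        # Anonymous clients may not assert a user or roles. Rejecting (rather
        # than silently ignoring) the extra headers is a choice of this sketch.
        if bpid is not None or roles is not None:
            raise HeaderError("user identity asserted without X-Bamboo-AppID")
        return {"kind": "anonymous", "app_id": None, "bpid": None, "roles": []}

    app_id = normalize_uuid(app_id, "X-Bamboo-AppID")
    expected = registry.get(app_id)
    # The AppID is believed only if it is bound to the certificate that
    # authenticated this connection; the comparison is constant-time.
    if (expected is None or cert_fingerprint is None
            or not hmac.compare_digest(expected.encode(), cert_fingerprint.encode())):
        raise HeaderError("X-Bamboo-AppID does not match the client certificate")

    if bpid is None:
        # Roles belong to a user, so roles without a user are refused.
        if roles is not None:
            raise HeaderError("X-Bamboo-Roles sent without X-Bamboo-BPID")
        return {"kind": "trusted", "app_id": app_id, "bpid": None, "roles": []}
    return {
        "kind": "trusted",
        "app_id": app_id,
        "bpid": normalize_uuid(bpid, "X-Bamboo-BPID"),
        "roles": parse_roles(roles),
    }


# Constructed sample data: the UUIDs are example values shown on this page,
# the fingerprint is a made-up placeholder.
APP_ID = "2c38ef37-75a9-4871-9388-ebdac1cf3d78"
BPID = "c00f294d-651b-495b-9633-a900dd1a7418"
REGISTRY = {APP_ID: "ab" * 32}

if __name__ == "__main__":
    sample = {
        "X-Bamboo-AppID": APP_ID,
        "X-Bamboo-BPID": BPID,
        "X-Bamboo-Roles": "undefined@google.com|roleB@domainTwo",
    }
    print(classify_request(sample, "ab" * 32, REGISTRY))
```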

Schema

Bamboo Repository Location

  • ${REPOSITORY_ROOT}/platform-services/bsp/trunk/bsp/core-services/request-manager-service/request-manager-service-domain/src/main/resources/Request.xsd

Request

Default Request

A client application which is a member of the Bamboo Trust Federation obtains an authorization decision by supplying one or more resource / action sets of data. The identity and attributes required for the decision default to the values for the authenticated user making the request.

Calling Method and Arguments

Invoked as an HTTP POST method. Send an HTTP request of the form:

POST <url root>/bsp/requests HTTP/1.1

Parameter | Meaning
HTTP Body | An instance of a urn:mace:projectbamboo.org:schema:request:1.0:XACMLContext XML document containing valid Requests data

Example:

POST <url root>/bsp/requests

Example XML document:

<?xml version="1.0" encoding="UTF-8"?>
<request:xACMLContext xmlns:request="urn:mace:projectbamboo.org:schema:request:1.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <request:requests>
        <request:request>
            <request:resource>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons/urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>GET</request:restfulActionValue>
            </request:action>
        </request:request>
        <request:request>
            <request:resource>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons/urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418/profiles/urn:uuid:ae193d7f-3dc1-4dba-b45c-9e32616f97e4</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>PUT</request:restfulActionValue>
            </request:action>
        </request:request>
        <request:request>
            <request:resource>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons/urn:uuid:e2dd0255-54c2-4e96-b664-d9eefb24e8e4/profiles/urn:uuid:69e728cc-a861-46f8-83e7-fa98b6ce7e7b</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>PUT</request:restfulActionValue>
            </request:action>
        </request:request>
        <request:request>
            <request:resource>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons/urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418/sourcedids/urn:uuid:a5558030-eeb0-4529-abba-1938a361ec08</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>DELETE</request:restfulActionValue>
            </request:action>
        </request:request>
        <request:request>
            <request:resource>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>GET</request:restfulActionValue>
            </request:action>
        </request:request>
    </request:requests>
</request:xACMLContext>

Response

On success, a response with a "200 OK" HTTP status code will be returned.

Parameter | Meaning
HTTP Body | An instance of a urn:mace:projectbamboo.org:schema:request:1.0:XACMLContext XML document

Example

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<request:xACMLContext xmlns:request="urn:mace:projectbamboo.org:schema:request:1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xacml-context="urn:oasis:names:tc:xacml:1.0:context" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:bsp="http://projectbamboo.org/bsp/resource" xmlns:xacml="urn:oasis:names:tc:xacml:1.0:policy" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <dcterms:subject>urn:uuid:e87a6717-f77a-4298-bade-fa142096e995</dcterms:subject>
    <dcterms:creator xsi:type="dcterms:URI">urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</dcterms:creator>
    <dcterms:created xsi:type="dcterms:W3CDTF">2013-03-14T15:33:16.562-04:00</dcterms:created>
    <bsp:modifier>urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</bsp:modifier>
    <request:principal SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
        <request:subjectId AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <request:subjectIdAttributeValue>urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</request:subjectIdAttributeValue>
        </request:subjectId>
        <request:roles>
            <request:role AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scopedRole" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
                <request:roleAttributeValue>unspecified@wisc.edu</request:roleAttributeValue>
            </request:role>
            <request:role AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scopedRole" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
                <request:roleAttributeValue>member@folgerlibrary.org</request:roleAttributeValue>
            </request:role>
        </request:roles>
        <request:groups>
            <request:isMemberOf AttributeId="urn:mace:dir:attribute-def:isMemberOf" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                <request:IsMemberOfAttributeValue>urn:uuid:781819e6-1e26-40df-8a35-3eae7ddd2a49</request:IsMemberOfAttributeValue>
            </request:isMemberOf>
            <request:isMemberOf AttributeId="urn:mace:dir:attribute-def:isMemberOf" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                <request:IsMemberOfAttributeValue>urn:uuid:73d64e2e-6433-4d4d-9f1c-555c07269a13</request:IsMemberOfAttributeValue>
            </request:isMemberOf>
            <request:isMemberOf AttributeId="urn:mace:dir:attribute-def:isMemberOf" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                <request:IsMemberOfAttributeValue>urn:uuid:fcbbecbc-6ecc-47fa-9b34-898406aa5810</request:IsMemberOfAttributeValue>
            </request:isMemberOf>
            <request:isMemberOf AttributeId="urn:mace:dir:attribute-def:isMemberOf" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                <request:IsMemberOfAttributeValue>urn:uuid:b14c7761-17d9-499b-8bc7-822870d81c27</request:IsMemberOfAttributeValue>
            </request:isMemberOf>
            <request:isMemberOf AttributeId="urn:mace:dir:attribute-def:isMemberOf" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                <request:IsMemberOfAttributeValue>urn:uuid:14f9fc1a-9fc8-4e1d-ad31-ce0e1bbdf6cf</request:IsMemberOfAttributeValue>
            </request:isMemberOf>
            <request:isMemberOf AttributeId="urn:mace:dir:attribute-def:isMemberOf" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                <request:IsMemberOfAttributeValue>urn:uuid:d0576c7a-4422-497b-8f24-17ffd2a051fc</request:IsMemberOfAttributeValue>
            </request:isMemberOf>
        </request:groups>
        <request:requestTime AttributeId="urn:oasis:names:tc:xacml:1.0:subject:request-time" DataType="http://www.w3.org/2001/XMLSchema#dateTime">
            <request:requestTimeAttributeValue>2013-03-14T15:33:16.476-04:00</request:requestTimeAttributeValue>
        </request:requestTime>
    </request:principal>
    <request:application SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:codebase">
        <request:appId AttributeId="urn:mace:projectbamboo.org:attribute:1.0:app-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <request:appIdAttributeValue>urn:uuid:2c38ef37-75a9-4871-9388-ebdac1cf3d78</request:appIdAttributeValue>
        </request:appId>
        <request:contractType AttributeId="urn:mace:projectbamboo.org:attribute:1.0:app-contract-type" DataType="http://www.w3.org/2001/XMLSchema#string">
            <request:contractTypeAttributeValue>BAMBOO_TRUST_FEDERATION</request:contractTypeAttributeValue>
        </request:contractType>
    </request:application>
    <request:requests>
        <request:request>
            <request:resource>
                <dcterms:subject>Protected Resource</dcterms:subject>
                <dcterms:creator xsi:type="dcterms:URI">urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</dcterms:creator>
                <dcterms:created xsi:type="dcterms:W3CDTF">2013-02-21T10:39:00.530-05:00</dcterms:created>
                <bsp:modifier>urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</bsp:modifier>
                <dcterms:modified xsi:type="dcterms:W3CDTF">2013-02-21T10:39:00.531-05:00</dcterms:modified>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons/urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>GET</request:restfulActionValue>
            </request:action>
        </request:request>
        <request:request>
            <request:resource>
                <dcterms:subject>Protected Resource</dcterms:subject>
                <dcterms:creator xsi:type="dcterms:URI">urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</dcterms:creator>
                <dcterms:created xsi:type="dcterms:W3CDTF">2013-02-21T13:50:06.231-05:00</dcterms:created>
                <bsp:modifier>urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</bsp:modifier>
                <dcterms:modified xsi:type="dcterms:W3CDTF">2013-02-21T13:50:06.231-05:00</dcterms:modified>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons/urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418/profiles/urn:uuid:ae193d7f-3dc1-4dba-b45c-9e32616f97e4</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>PUT</request:restfulActionValue>
            </request:action>
        </request:request>
        <request:request>
            <request:resource>
                <dcterms:subject>Unprotected Resource</dcterms:subject>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons/urn:uuid:e2dd0255-54c2-4e96-b664-d9eefb24e8e4/profiles/urn:uuid:69e728cc-a861-46f8-83e7-fa98b6ce7e7b</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>PUT</request:restfulActionValue>
            </request:action>
        </request:request>
        <request:request>
            <request:resource>
                <dcterms:subject>Protected Resource</dcterms:subject>
                <dcterms:creator xsi:type="dcterms:URI">urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</dcterms:creator>
                <dcterms:created xsi:type="dcterms:W3CDTF">2013-02-21T10:39:00.530-05:00</dcterms:created>
                <bsp:modifier>urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</bsp:modifier>
                <dcterms:modified xsi:type="dcterms:W3CDTF">2013-02-21T10:39:00.531-05:00</dcterms:modified>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons/urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418/sourcedids/urn:uuid:a5558030-eeb0-4529-abba-1938a361ec08</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>DELETE</request:restfulActionValue>
            </request:action>
        </request:request>
        <request:request>
            <request:resource>
                <dcterms:subject>Unprotected Resource</dcterms:subject>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>GET</request:restfulActionValue>
            </request:action>
        </request:request>
    </request:requests>
    <request:environment>
        <request:hostName AttributeId="urn:mace:projectbamboo.org:attribute:1.0:host-name" DataType="http://www.w3.org/2001/XMLSchema#string">
            <request:hostNameAttributeValue>bsp-dev.projectbamboo.org</request:hostNameAttributeValue>
        </request:hostName>
        <request:hostTime AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-dateTime" DataType="http://www.w3.org/2001/XMLSchema#dateTime">
            <request:hostTimeAttributeValue>2013-03-14T15:33:16.562-04:00</request:hostTimeAttributeValue>
        </request:hostTime>
    </request:environment>
    <xacml-context:Response>
        <xacml-context:Result ResourceId="/bsp/persons/urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418">
            <xacml-context:Decision>Permit</xacml-context:Decision>
        </xacml-context:Result>
        <xacml-context:Result ResourceId="/bsp/persons/urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418/profiles/urn:uuid:ae193d7f-3dc1-4dba-b45c-9e32616f97e4">
            <xacml-context:Decision>Permit</xacml-context:Decision>
        </xacml-context:Result>
        <xacml-context:Result ResourceId="/bsp/persons/urn:uuid:e2dd0255-54c2-4e96-b664-d9eefb24e8e4/profiles/urn:uuid:69e728cc-a861-46f8-83e7-fa98b6ce7e7b">
            <xacml-context:Decision>Indeterminate</xacml-context:Decision>
        </xacml-context:Result>
        <xacml-context:Result ResourceId="/bsp/persons/urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418/sourcedids/urn:uuid:a5558030-eeb0-4529-abba-1938a361ec08">
            <xacml-context:Decision>Permit</xacml-context:Decision>
        </xacml-context:Result>
        <xacml-context:Result ResourceId="/bsp/persons">
            <xacml-context:Decision>Permit</xacml-context:Decision>
        </xacml-context:Result>
    </xacml-context:Response>
</request:xACMLContext>
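
A client-side enforcement sketch for a response like the one above, applying the rule that only Permit is authorized. It is an added example, not part of the BSP code base; the function names are assumptions and the embedded document is a constructed, abridged copy of the response shown above.

```python
import xml.etree.ElementTree as ET

REQUEST_NS = "urn:mace:projectbamboo.org:schema:request:1.0"
XACML_CTX = "urn:oasis:names:tc:xacml:1.0:context"
RESULT_PATH = f"{{{XACML_CTX}}}Response/{{{XACML_CTX}}}Result"
DECISION = f"{{{XACML_CTX}}}Decision"


def parse_decisions(xml_bytes):
    """Return {ResourceId: [decision, ...]} from an xACMLContext response."""
    # A decision document needs no DTD; refusing one avoids entity expansion.
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DTD not allowed in a decision document")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{REQUEST_NS}}}xACMLContext":
        raise ValueError("unexpected root element")
    found = {}
    # Only Result elements directly under the top-level Response count.
    for result in root.findall(RESULT_PATH):
        resource_id = result.get("ResourceId")
        if resource_id is None:
            raise ValueError("Result without ResourceId")
        decision = (result.findtext(DECISION) or "").strip()
        found.setdefault(resource_id, []).append(decision)
    return found


def authorize(xml_bytes, requested):
    """Map each requested resource to True only when the answer is Permit.

    Deny, Indeterminate, Not Applicable, a missing Result, an unparsable
    document and conflicting Results all come out as False.
    """
    try:
        found = parse_decisions(xml_bytes)
    except (ET.ParseError, ValueError):
        return {resource_id: False for resource_id in requested}
    allowed = {}
    for resource_id in requested:
        decisions = found.get(resource_id, [])
        # A Result carries a ResourceId but no action, so duplicate entries
        # for one resource must all agree on Permit to be accepted.
        allowed[resource_id] = bool(decisions) and all(d == "Permit" for d in decisions)
    return allowed


PROFILE = ("/bsp/persons/urn:uuid:e2dd0255-54c2-4e96-b664-d9eefb24e8e4"
           "/profiles/urn:uuid:69e728cc-a861-46f8-83e7-fa98b6ce7e7b")

# Constructed sample: two of the five Results from the response above.
SAMPLE = b"""<request:xACMLContext
    xmlns:request="urn:mace:projectbamboo.org:schema:request:1.0"
    xmlns:xacml-context="urn:oasis:names:tc:xacml:1.0:context">
  <xacml-context:Response>
    <xacml-context:Result ResourceId="/bsp/persons">
      <xacml-context:Decision>Permit</xacml-context:Decision>
    </xacml-context:Result>
    <xacml-context:Result ResourceId="/bsp/persons/urn:uuid:e2dd0255-54c2-4e96-b664-d9eefb24e8e4/profiles/urn:uuid:69e728cc-a861-46f8-83e7-fa98b6ce7e7b">
      <xacml-context:Decision>Indeterminate</xacml-context:Decision>
    </xacml-context:Result>
  </xacml-context:Response>
</request:xACMLContext>"""

if __name__ == "__main__":
    # "/bsp/not-in-response" is a constructed path with no Result at all.
    for resource, ok in authorize(SAMPLE, ["/bsp/persons", PROFILE,
                                           "/bsp/not-in-response"]).items():
        print("ALLOW" if ok else "BLOCK", resource)
```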

Exceptions

If an error occurred, a non-2xx code will be returned. Check the HTTP Status Code that is returned in the response's HTTP headers for the specific error. The following errors may be returned in response to the POST request:

Error (Status Code) | Meaning | Returned When
400 | Bad Request | If the XML document is not valid
401 | Unauthorized | The client submitting the request is not a member of the Bamboo Trust Federation group
500 | Internal Server Error | A service error prevented the resource from being returned

Specific Subject Request

A client application which is a member of the Bamboo Trust Federation obtains an authorization decision by supplying one or more resource / action pairs in addition to the identity and attributes required for the decision.

Calling Method and Arguments

Invoked as an HTTP POST method. Send an HTTP request of the form:

POST <url root>/bsp/requests HTTP/1.1

Parameter | Meaning
HTTP Body | An instance of a urn:mace:projectbamboo.org:schema:request:1.0:XACMLContext XML document containing valid Requests data

Example:

POST <url root>/bsp/requests

Example XML document:

<?xml version="1.0" encoding="UTF-8"?>
<request:xACMLContext xmlns:request="urn:mace:projectbamboo.org:schema:request:1.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <request:principal SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
        <request:subjectId AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <request:subjectIdAttributeValue>urn:uuid:04574969-e851-4fbf-8535-0b81b9b3f2f3</request:subjectIdAttributeValue>
        </request:subjectId>
        <request:roles>
            <request:role AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scopedRole" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
                <request:roleAttributeValue>unspecified@wisc.edu</request:roleAttributeValue>
            </request:role>
            <request:role AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scopedRole" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
                <request:roleAttributeValue>member@folgerlibrary.org</request:roleAttributeValue>
            </request:role>
        </request:roles>
        <request:groups/>
        <request:requestTime AttributeId="urn:oasis:names:tc:xacml:1.0:subject:request-time" DataType="http://www.w3.org/2001/XMLSchema#dateTime">
            <request:requestTimeAttributeValue xsi:type="dcterms:W3CDTF">2012-11-29T17:09:00.047-05:00</request:requestTimeAttributeValue>
        </request:requestTime>
    </request:principal>
    <request:application SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:codebase">
        <request:appId AttributeId="urn:mace:projectbamboo.org:attribute:1.0:app-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <request:appIdAttributeValue>urn:uuid:2c38ef37-75a9-4871-9388-ebdac1cf3d78/</request:appIdAttributeValue>
        </request:appId>
        <request:contractType AttributeId="urn:mace:projectbamboo.org:attribute:1.0:app-contract-type" DataType="http://www.w3.org/2001/XMLSchema#string">
            <request:contractTypeAttributeValue>BAMBOO_TRUST_FEDERATION</request:contractTypeAttributeValue>
        </request:contractType>
    </request:application>
    <request:requests>
        <request:request>
            <request:resource>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons/urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>GET</request:restfulActionValue>
            </request:action>
        </request:request>
        <request:request>
            <request:resource>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons/urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418/profiles/urn:uuid:ae193d7f-3dc1-4dba-b45c-9e32616f97e4</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>PUT</request:restfulActionValue>
            </request:action>
        </request:request>
        <request:request>
            <request:resource>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons/urn:uuid:e2dd0255-54c2-4e96-b664-d9eefb24e8e4/profiles/urn:uuid:69e728cc-a861-46f8-83e7-fa98b6ce7e7b</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>PUT</request:restfulActionValue>
            </request:action>
        </request:request>
        <request:request>
            <request:resource>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons/urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418/sourcedids/urn:uuid:a5558030-eeb0-4529-abba-1938a361ec08</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>DELETE</request:restfulActionValue>
            </request:action>
        </request:request>
        <request:request>
            <request:resource>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>GET</request:restfulActionValue>
            </request:action>
        </request:request>
    </request:requests>
</request:xACMLContext>

Response

On success, a response with a "200 OK" HTTP status code will be returned.

Parameter | Meaning
HTTP Body | An instance of a urn:mace:projectbamboo.org:schema:request:1.0:XACMLContext XML document

Example

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<request:xACMLContext xmlns:request="urn:mace:projectbamboo.org:schema:request:1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xacml-context="urn:oasis:names:tc:xacml:1.0:context" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:bsp="http://projectbamboo.org/bsp/resource" xmlns:xacml="urn:oasis:names:tc:xacml:1.0:policy" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <dcterms:subject>urn:uuid:30273128-be16-4ade-b822-bfcc578cf02a</dcterms:subject>
    <dcterms:creator xsi:type="dcterms:URI">urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</dcterms:creator>
    <dcterms:created xsi:type="dcterms:W3CDTF">2013-03-14T15:40:00.667-04:00</dcterms:created>
    <bsp:modifier>urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</bsp:modifier>
    <request:principal SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
        <request:subjectId AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <request:subjectIdAttributeValue>urn:uuid:04574969-e851-4fbf-8535-0b81b9b3f2f3</request:subjectIdAttributeValue>
        </request:subjectId>
        <request:roles>
            <request:role AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scopedRole" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
                <request:roleAttributeValue>unspecified@wisc.edu</request:roleAttributeValue>
            </request:role>
            <request:role AttributeId="urn:mace:projectbamboo.org:attribute:1.0:scopedRole" DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">
                <request:roleAttributeValue>member@folgerlibrary.org</request:roleAttributeValue>
            </request:role>
        </request:roles>
        <request:groups>
            <request:isMemberOf AttributeId="urn:mace:dir:attribute-def:isMemberOf" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                <request:IsMemberOfAttributeValue>urn:uuid:cafe50ab-623d-4af9-8b7f-aedf8b99563d</request:IsMemberOfAttributeValue>
            </request:isMemberOf>
            <request:isMemberOf AttributeId="urn:mace:dir:attribute-def:isMemberOf" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                <request:IsMemberOfAttributeValue>urn:uuid:03c7b3ff-a376-44e9-acc3-55e922c3f16b</request:IsMemberOfAttributeValue>
            </request:isMemberOf>
            <request:isMemberOf AttributeId="urn:mace:dir:attribute-def:isMemberOf" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                <request:IsMemberOfAttributeValue>urn:uuid:121b716b-7f71-4aa5-a5c2-63fdc766348a</request:IsMemberOfAttributeValue>
            </request:isMemberOf>
            <request:isMemberOf AttributeId="urn:mace:dir:attribute-def:isMemberOf" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                <request:IsMemberOfAttributeValue>urn:uuid:fcbbecbc-6ecc-47fa-9b34-898406aa5810</request:IsMemberOfAttributeValue>
            </request:isMemberOf>
            <request:isMemberOf AttributeId="urn:mace:dir:attribute-def:isMemberOf" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                <request:IsMemberOfAttributeValue>urn:uuid:b14c7761-17d9-499b-8bc7-822870d81c27</request:IsMemberOfAttributeValue>
            </request:isMemberOf>
        </request:groups>
        <request:requestTime AttributeId="urn:oasis:names:tc:xacml:1.0:subject:request-time" DataType="http://www.w3.org/2001/XMLSchema#dateTime">
            <request:requestTimeAttributeValue>2012-11-29T17:09:00.047-05:00</request:requestTimeAttributeValue>
        </request:requestTime>
    </request:principal>
    <request:application SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:codebase">
        <request:appId AttributeId="urn:mace:projectbamboo.org:attribute:1.0:app-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <request:appIdAttributeValue>urn:uuid:2c38ef37-75a9-4871-9388-ebdac1cf3d78/</request:appIdAttributeValue>
        </request:appId>
        <request:contractType AttributeId="urn:mace:projectbamboo.org:attribute:1.0:app-contract-type" DataType="http://www.w3.org/2001/XMLSchema#string">
            <request:contractTypeAttributeValue>BAMBOO_TRUST_FEDERATION</request:contractTypeAttributeValue>
        </request:contractType>
    </request:application>
    <request:requests>
        <request:request>
            <request:resource>
                <dcterms:subject>Protected Resource</dcterms:subject>
                <dcterms:creator xsi:type="dcterms:URI">urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</dcterms:creator>
                <dcterms:created xsi:type="dcterms:W3CDTF">2013-02-21T10:39:00.530-05:00</dcterms:created>
                <bsp:modifier>urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</bsp:modifier>
                <dcterms:modified xsi:type="dcterms:W3CDTF">2013-02-21T10:39:00.531-05:00</dcterms:modified>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons/urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>GET</request:restfulActionValue>
            </request:action>
        </request:request>
        <request:request>
            <request:resource>
                <dcterms:subject>Protected Resource</dcterms:subject>
                <dcterms:creator xsi:type="dcterms:URI">urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</dcterms:creator>
                <dcterms:created xsi:type="dcterms:W3CDTF">2013-02-21T13:50:06.231-05:00</dcterms:created>
                <bsp:modifier>urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</bsp:modifier>
                <dcterms:modified xsi:type="dcterms:W3CDTF">2013-02-21T13:50:06.231-05:00</dcterms:modified>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons/urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418/profiles/urn:uuid:ae193d7f-3dc1-4dba-b45c-9e32616f97e4</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>PUT</request:restfulActionValue>
            </request:action>
        </request:request>
        <request:request>
            <request:resource>
                <dcterms:subject>Unprotected Resource</dcterms:subject>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons/urn:uuid:e2dd0255-54c2-4e96-b664-d9eefb24e8e4/profiles/urn:uuid:69e728cc-a861-46f8-83e7-fa98b6ce7e7b</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>PUT</request:restfulActionValue>
            </request:action>
        </request:request>
        <request:request>
            <request:resource>
                <dcterms:subject>Protected Resource</dcterms:subject>
                <dcterms:creator xsi:type="dcterms:URI">urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</dcterms:creator>
                <dcterms:created xsi:type="dcterms:W3CDTF">2013-02-21T10:39:00.530-05:00</dcterms:created>
                <bsp:modifier>urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418</bsp:modifier>
                <dcterms:modified xsi:type="dcterms:W3CDTF">2013-02-21T10:39:00.531-05:00</dcterms:modified>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons/urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418/sourcedids/urn:uuid:a5558030-eeb0-4529-abba-1938a361ec08</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>DELETE</request:restfulActionValue>
            </request:action>
        </request:request>
        <request:request>
            <request:resource>
                <dcterms:subject>Unprotected Resource</dcterms:subject>
                <request:resourceId AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#anyURI">
                    <request:resourceIdValue>/bsp/persons</request:resourceIdValue>
                </request:resourceId>
            </request:resource>
            <request:action AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
                <request:restfulActionValue>GET</request:restfulActionValue>
            </request:action>
        </request:request>
    </request:requests>
    <request:environment>
        <request:hostName AttributeId="urn:mace:projectbamboo.org:attribute:1.0:host-name" DataType="http://www.w3.org/2001/XMLSchema#string">
            <request:hostNameAttributeValue>bsp-dev.projectbamboo.org</request:hostNameAttributeValue>
        </request:hostName>
        <request:hostTime AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-dateTime" DataType="http://www.w3.org/2001/XMLSchema#dateTime">
            <request:hostTimeAttributeValue>2013-03-14T15:40:00.667-04:00</request:hostTimeAttributeValue>
        </request:hostTime>
    </request:environment>
    <xacml-context:Response>
        <xacml-context:Result ResourceId="/bsp/persons/urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418">
            <xacml-context:Decision>Permit</xacml-context:Decision>
        </xacml-context:Result>
        <xacml-context:Result ResourceId="/bsp/persons/urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418/profiles/urn:uuid:ae193d7f-3dc1-4dba-b45c-9e32616f97e4">
            <xacml-context:Decision>Deny</xacml-context:Decision>
        </xacml-context:Result>
        <xacml-context:Result ResourceId="/bsp/persons/urn:uuid:e2dd0255-54c2-4e96-b664-d9eefb24e8e4/profiles/urn:uuid:69e728cc-a861-46f8-83e7-fa98b6ce7e7b">
            <xacml-context:Decision>Indeterminate</xacml-context:Decision>
        </xacml-context:Result>
        <xacml-context:Result ResourceId="/bsp/persons/urn:uuid:c00f294d-651b-495b-9633-a900dd1a7418/sourcedids/urn:uuid:a5558030-eeb0-4529-abba-1938a361ec08">
            <xacml-context:Decision>Deny</xacml-context:Decision>
        </xacml-context:Result>
        <xacml-context:Result ResourceId="/bsp/persons">
            <xacml-context:Decision>Permit</xacml-context:Decision>
        </xacml-context:Result>
    </xacml-context:Response>
</request:xACMLContext>
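
A client consuming a response like the one above has to apply the rule from the overview that only Permit is authorized. The following is an added example, not Project Bamboo code: the function names and the `example-1`/`example-2` resource ids are assumptions, and the sample body is constructed from the structure shown on this page.

```python
import xml.etree.ElementTree as ET

NS = {"xc": "urn:oasis:names:tc:xacml:1.0:context"}  # URI from the page's example

# Constructed sample: a trimmed response carrying only the Response element.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<request:xACMLContext xmlns:request="urn:mace:projectbamboo.org:schema:request:1.0"
                      xmlns:xacml-context="urn:oasis:names:tc:xacml:1.0:context">
  <xacml-context:Response>
    <xacml-context:Result ResourceId="/bsp/persons">
      <xacml-context:Decision>Permit</xacml-context:Decision>
    </xacml-context:Result>
    <xacml-context:Result ResourceId="/bsp/persons/example-1">
      <xacml-context:Decision>Deny</xacml-context:Decision>
    </xacml-context:Result>
    <xacml-context:Result ResourceId="/bsp/persons/example-2">
      <xacml-context:Decision>Indeterminate</xacml-context:Decision>
    </xacml-context:Result>
  </xacml-context:Response>
</request:xACMLContext>"""


def parse_decisions(status_code, body):
    """Map each ResourceId in a response body (bytes) to its decision string."""
    if status_code != 200:
        raise ValueError(f"no decisions: HTTP status {status_code}")
    if b"<!DOCTYPE" in body:
        raise ValueError("DTD in response rejected")  # blocks entity definitions
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise ValueError("response is not well-formed XML") from exc
    decisions = {}
    for result in root.findall("xc:Response/xc:Result", NS):
        rid = result.get("ResourceId")
        decision = result.findtext("xc:Decision", "", NS).strip()
        if rid is None:
            raise ValueError("Result without ResourceId")
        # Results are keyed by ResourceId only; if one id appears with
        # conflicting decisions, record it as Indeterminate (not authorized).
        if decisions.get(rid, decision) != decision:
            decision = "Indeterminate"
        decisions[rid] = decision
    return decisions


def is_authorized(decisions, resource_id):
    """Fail closed: only an explicit Permit authorizes; absence means no."""
    return decisions.get(resource_id) == "Permit"
```

Because a non-200 status or a malformed body raises instead of returning an empty mapping, a caller cannot confuse a failed call with a set of decisions.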


Exceptions

If an error occurs, a non-2xx status code is returned. Check the HTTP status code in the response's HTTP headers for the specific error. The following errors may be returned in response to the Get request:

| Error (Status Code) | Meaning | Returned When |
| --- | --- | --- |
| 400 | Bad Request | If the XML document is not valid |
| 401 | Unauthorized | The client submitting the request is not a member of the Bamboo Trust Federation group |
| 500 | Internal Server Error | A service error prevented the resource from being returned |

SOA Layer API

OSGi-based calls.

Also see generated Javadoc for this service. Packages are org.projectbamboo.bsp.services.core.requestmanager.*.

Authorizes the current request

/**
 * Authorizes the current request.
 * 
 * @param pep - <tt>PolicyEnforcementPoint</tt> making the authorization request
 * @param action - the action to be performed
 * @param resource - the resource against which the action is to be performed
 */
void authorizeRequest(PolicyEnforcementPoint pep, String action, String resource);

Returns the Bamboo Person Identifier associated with the current subject

/**
 * Returns the Bamboo Person Identifier associated with the current subject.
 * 
 * @return Bamboo Person Identifier 
 */
URI getBPId();

Returns the identifier for the request received from the subject

/**
 * Returns the identifier for the request received from the subject.
 * 
 * @return request identifier 
 */
URI getRequestId();

Returns whether or not the current request was received from an anonymous subject

/**
 * Returns whether or not the current request was received from an anonymous subject.
 * 
 * @return true if the subject is anonymous 
 */
boolean isAnonymous();