The main variations in the JSON code for delegationEvidence are the (1-n) policySets, policies and rules arrays. These variations are based on the most efficient way of expressing the rights that an accessSubject has.
Various examples are described in the table below.
Description
Code
Organisation A delegates rights to organisation B. A allows B READ and CREATE access to all ETA and WEIGHT of A's containers of which the data is located at service provider C and can only be accessed with service provider C. However, A does not allow B to CREATE to ETA information and completely denies access to data regarding container ID.00000000000001. Furthermore, all rights of B are allowed under iSHARE licenses 1 and 3, and B has the right to delegate it's right two more times.
The code shows default access to a set of resources, with a few exceptions in terms of actions or specific resources. This results in additional "Deny" rules within the policy.
Code - for visual/reading purposes Bron uitklappen
Organisation A delegates rights to organisation B. A allows B READ access to all ETA of A's containers of which the data is located at service provider C and can only be accessed with service provider C. A also allows B CREATE access to all WEIGHT of A's containers, at any service provider possible. Furthermore, all rights of B are allowed under iSHARE licenses 1 and 3, and B has the right to delegate it's right two more times.
The code shows that the same delegation rights and licenses apply to a resource set, but different actions are allowed to different subsets of these resources. This results in variations in policies within the policySets.
Code - for visual/reading purposes Bron uitklappen
Organisation A delegates rights to organisation B. A allows B READ and CREATE access to all ETA and WEIGHT of A's containers of which the data is located at service provider C, and rights can only be used with service provider C. Furthermore, all rights of B are allowed under iSHARE licenses 1 and 3, and B has the right to delegate it's right two more times. A also provides B READ access to the Container origins, but does not allow delegation for this information and it is only accessible under iSHARE license 2.
The code shows two groups of resources with specific policies, executed under different licenses and delegation rights. This results in variations on the policySets level within the delegationEvidence.
Code - for visual/reading purposes Bron uitklappen