摘要:
A computer system includes a mashup section that provides a mashup that performs an action on a resource. An attribute identification section identifies an attribute of a user running the mashup. An access control section provides access control. The mashup is associated to a permission artifact. The permission artifact specifies a principal and whether to permit the principal to take the action on the resource. The access control is triggered only when the mashup attempts to perform the action on the resource, and checks whether the attribute of the user running the mashup is predefined as belonging to the principal specified in the permission artifact associated to the mashup, and then permits the action on the resource only when the attribute belongs to the principal. Plural users with the same attribute belong to the principal when the same attribute is defined as belonging to the principal.