Security Realm

The security realm service integrates with the server's underlying authentication and authorization service and is responsible for resolving the abstract performer names listed in an activity definition into concrete runtime security principals. A principal can represent either a group or a user. Group expansion is performed externally by the workflow engine if necessary.


Participant meta-data are used to register security principal types, while principals and groups are used to register security identities. The basic security realm implementation that comes with OBE stores these data in the configuration file BasicSecurityRealm.xml; the instances have this format:
<entry key="nmtoken">
    <instance xsi:type="obe:principal" name="nmtoken" full-name="string"? email="string"? />
<entry key="nmtoken">
    <instance xsi:type="obe:group" name="nmtoken" full-name="string"? email="string"?>
key: The key used to locate the principal. Corresponds to a performer name in the comma-separated string in the <xpdl:Performer> element.
instance: Contains an actual instance of a security principal. The xsi:type attribute indicates the runtime class, which will either implement or
name: The unique principal name.
full-name: The principal's full name.
email: The principal's email address (assumed to be SMTP).
Identifies, by reference to its unique key, another principal which is a member of this group.
Identifies, by reference to its unique key, a nested group which is a member of this group.
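The resolution and group expansion described above can be sketched as follows. This is an added example, not OBE code: the `<realm>` root element, the `<member ref="..."/>` child elements, the sample entries and the function names are all assumptions, since the page does not show the names of the group's child elements. It goes one step beyond the page by guarding against cyclic group nesting and by reporting keys that resolve to nothing, two cases that matter when performer lists drive authorization.

```python
# Added example, not OBE code. Assumed names: <realm> root, <member ref="..."/> children.
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample input; "ops" and "admins" reference each other (a cycle).
SAMPLE = """<realm xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <entry key="alice"><instance xsi:type="obe:principal" name="alice" email="alice@example.com"/></entry>
  <entry key="bob"><instance xsi:type="obe:principal" name="bob"/></entry>
  <entry key="ops"><instance xsi:type="obe:group" name="ops">
    <member ref="alice"/><member ref="admins"/></instance></entry>
  <entry key="admins"><instance xsi:type="obe:group" name="admins">
    <member ref="bob"/><member ref="ops"/><member ref="ghost"/></instance></entry>
</realm>"""

def load_realm(xml_text):
    """Map entry key -> (kind, principal name, [member keys])."""
    realm = {}
    for entry in ET.fromstring(xml_text).iter("entry"):
        inst = entry.find("instance")
        kind = inst.get(XSI_TYPE, "").split(":")[-1]   # "principal" or "group"
        members = [m.get("ref") for m in inst.findall("member")]
        realm[entry.get("key")] = (kind, inst.get("name"), members)
    return realm

def resolve(performers, realm):
    """Resolve a comma-separated performer string to (user names, unresolved keys)."""
    users, unresolved, seen = set(), set(), set()
    stack = [p.strip() for p in performers.split(",") if p.strip()]
    while stack:
        key = stack.pop()
        if key in seen:              # already expanded: stops cyclic nesting
            continue
        seen.add(key)
        if key not in realm:         # report unknown keys instead of skipping them
            unresolved.add(key)
            continue
        kind, name, members = realm[key]
        if kind == "group":
            stack.extend(members)    # expand members, including nested groups
        else:
            users.add(name)
    return sorted(users), sorted(unresolved)

if __name__ == "__main__":
    print(resolve("ops, carol", load_realm(SAMPLE)))
```

A non-empty unresolved list is worth surfacing at deployment time, because a performer name that matches no entry otherwise leaves an activity with no one authorized to perform it.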