CMIS ACL-Proposal 26-28 Jan 2009

Motivation: Scenarios Policies: Recap ACL Concept Proposal: Discussion Topics

Scenarios End-User Collaboration Scenario Development: No permissions used (might be passed through, but not interpreted) Runtime: Admin or enduser knows the permissions, assigned by a user to the documents CMIS Application CMIS Application permissions Documents

Scenarios Background Tasks Development: Usage of Permissions is being coded into the application Runtime: Application per- missions permissions mappings? CMIS Application CMIS Application permissions Documents

Recap CMIS Objects

ACL Concept Policies

ACL Concept Permissions All Write Read WritePolicy Delete WriteProperty WriteContent File Unfile Version READ Read ReadProperty ReadContent ReadPolicy

Discussion Topics Assumption: unified user base  no user discovery, no mapping (within the scope of CMIS) ok ? Scenario: flexible mapping („level 1“) vs. known permissions („level 2“) ? Permissions (Level 2): extended permissions required vs. Read/Write/All ? Modelling of ACLs: Policies vs. Properties ? [if policies] entire ACL vs. individual ACEs as Policy ? Format for ACLs: XACML vs. XML vs. other format ? format for principals (plain ID vs. type info + ID) ? ACL Assignment: atomic action when creating an object vs. inheritance ? ACL Inheritance: on create vs. create + lifetime ?