CMIS ACL-PROPOSAL 26-28 Jan 2009.  Motivation: Scenarios  Policies: Recap  ACL Concept  Proposal: Discussion Topics.

Slides:

Advertisements

Similar presentations

Introduction to Product Family Engineering. 11 Oct 2002 Ver 2.0 ©Copyright 2002 Vortex System Concepts 2 Product Family Engineering Overview Project Engineering.

Advertisements

Top 10 things you need to know about SharePoint Site Administration

How did we get here? (CMIS v0.5) F2F, January 2009.

W3C XML Schema: what you might not know (and might or might not like!) Noah Mendelsohn Distinguished Engineer IBM Corp. October 10, 2002.

New Challenges for Access Control April 27, Improving Usability and Expressiveness with Dynamic Policies and Obligations Dennis Kafura Markus Lorch.

Requirements Engineering n Elicit requirements from customer  Information and control needs, product function and behavior, overall product performance,

Windows SharePoint Services: Advancements In Document, Content, And Data Storage Dustin Friesenhahn OFF409 Program Manager Microsoft Corporation.

Oracle Beehive Vivek Pavle Orabyte LLC Orabyte.

1 Workshop on Metadata Interoperability for Electronic Records Management November 15, 2001 Archives II, College Park, MD.

Building Personal Collections and Networks of Digital Objects in a Fedora Repository Using VUE Anoop Kumar Nikolai Schwertner Tufts University Fedora User.

ADML A result of cooperation and leverage! The Open Group W3C OMG MCC CMU.

UW-Madison PKI Lab Keith Hazelton Principal Investigator, UW-Madison PKI Lab Senior IT Architect, UW-Madison PKI Summit, Snowmass, 9-Aug-01.

A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.

XML, DITA and Content Repurposing By France Baril.

1 Developing Rules Driven Workflows in Windows Workflow Foundation Jurgen Willis COM318 Program Manager Microsoft Corporation.

 Name: Hatem elbuhaisi  Name no:  University of Palestine  Miss : yasmen elboboo  Chairing Information Technology Hands-On Microsoft Windows.

Security Aspects Of Directory Enabled Applications Praerit Garg Program Manager Windows NT Security Microsoft Corporation.

1 A Role Based Administration Model For Attribute Xin Jin, Ram Krishnan, Ravi Sandhu SRAS, Sep 19, 2012 World-Leading Research with Real-World Impact!

● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0.

Content Management Interoperability Services (CMIS)

Interoperability with CMIS and Apache Chemistry

3190 StarTeam Security Explained!

Sharing Resources Lesson 6. Objectives Manage NTFS and share permissions Determine effective permissions Configure Windows printing.

An Overview of D11’s SharePoint Implementation for Tech Support Staff.

IOS110 Introduction to Operating Systems using Windows Session 8 1.

Stephen Booth EPCC Stephen Booth GridSafe Overview.

Software Engineering Project: Research Expert Prabhavathi Kumarasamy Joshua Thompson Paul Varcholik University of Central Florida.

(Business) Process Centric Exchanges

Archival Information Packages for NASA HDF-EOS Data R. Duerr, Kent Yang, Azhar Sikander.

COMPAS Compliance-driven Models, Languages, and Architectures for Services "The COMPAS project will design and implement novel models, languages, and an.

James Akrigg Microsoft Ltd Integrating InfoPath Forms Into Workflow Solutions And Business Processes.

In-Band Access Control Framework Group Name: WG4 SEC Source: Qualcomm Meeting Date: Agenda Item:

Document Management Services Jim Metzger, Harland FS John Liston, ASC.

DAV ACLs Lisa Lippert Microsoft. Agenda Background –drafts, terms, how file systems use ACLs –Other ACLs efforts Scenarios Goals –goals, may-haves, won’t-haves.

PLANNING ENGINEERING AND PROJECT MANAGEMENT By Lec. Junaid Arshad 1 Lecture#03 DEPARTMENT OF ENGINEERING MANAGEMENT.

4395bis irireg Tony Hansen, Larry Masinter, Ted Hardie IETF 82, Nov 16, 2011.

DAV ACLs Lisa Dusseault Microsoft. Agenda Background Scenarios Goals.

SKOS. Ontologies Metadata –Resources marked-up with descriptions of their content. No good unless everyone speaks the same language; Terminologies –Provide.

Legion - A Grid OS. Object Model Everything is object Core objects - processing resource– host object - stable storage - vault object - definition of.

Information explosion 1.4X 44X Empower the UserEnable the Compliance Officer In Place and Extensible Easy for IT Exchange, SharePoint, Windows Outlook,

1 Interim Report of the IWGDD May Overview: Pursuing Goals to Harness the Power of Digital Data for Science and Society The IWGDD recommends that.

Module 11 Authorizing Users to Access Resources. Module Overview Authorizing User Access to Objects Authorizing Users to Execute Code Configuring Permissions.

Jini Architectural Overview Li Ping

ICOM TC Charter TC’s Scope –Specify the normative standards for collaboration objects, along with their attributes, relationships, constraints, and behavior,

Media Control Policy Chris Boulton, Umesh Chandra, Roni Even, Cullen Jennings, Alan Johnston, Brian Rosen, Mark Trayer.

1 Multi-level Configuration Management with Fine-grained Logical Units Tien N. Nguyen Electrical and Computer Engineering Department Iowa State University.

The Strategy Pattern (Behavioral) ©SoftMoore ConsultingSlide 1.

Synchronise work on DEXs and reference data between PLCS pilots and OASIS/PLCS Workshop #3 10 – 11 November 2004.

Copyright © 2004, Keith D Swenson, All Rights Reserved. OASIS Asynchronous Service Access Protocol (ASAP) Tutorial Overview, OASIS ASAP TC May 4, 2004.

Google Sites Credit to: Rich Hoeg, Create rich web pages easily Collect all your info in one place Control who can view and.

1 XACML for RBAC and CADABRA Constrained Delegation and Attribute-Based Role Assignment Brian Garback © Brian Garback 2005.

Sharing Resources Lesson 6. Objectives Manage NTFS and share permissions Determine effective permissions Configure Windows printing.

Authorization PDP GE Course (R4) FIWARE Chapter: Security FIWARE GE: Authorization PDP FIWARE GEri: AuthZForce Authorization PDP Owner: Cyril Dangerville,

Architecture Ecosystem SIG March 2010 Update Jacksonville FL.

Document Management Alliance (DMA)

OGSA Attributes: Requirements, Definitions, and SAML Profile Abstract This document specifies elements and vocabulary for expressing attribute assertions.

#SummitNow Dynamic Data List Driven Constraints in Share November 14 th, 2013 Tony Parzgnat – Technology Services Group.

CSE Operating System Principles File Systems.

HR Development Division PA Office of Administration Room 511 Finance Building Harrisburg PA Enterprise Portal Community Management Overview Click.

OSLC PLM Reference model February Summary of the OSLC PLM Reference Model V0.2 February 22 nd 2011 Gray Bachelor Mike Loeffler OSLC PLM Workgroup.

Agreement-based Grid Service Management (OGSI-Agreement) Editors: K. Czajkowski (USC/ISI), A. Dan, J Rofrano (IBM), S. Tuecke, ANL M. Xu (Platform) Asit.

Implementing a Security Policy in Laserfiche 8 LAB 201 Steve Hackney.

OGSA-WG Basic Profile Session #1 Security

IT.CAS.Web2.0 Kyle Erickson

Microsoft Dynamics.

Source Code Management

Jonathan Rosenberg dynamicsoft

Software Requirements Specification (SRS) Template.

CMIS ACL-Proposal Jan 2009.

ICOM TC Charter TC’s Scope Out of TC’s Scope Call for Participation

Presentation transcript:

CMIS ACL-PROPOSAL Jan 2009

 Motivation: Scenarios  Policies: Recap  ACL Concept  Proposal: Discussion Topics

Scenarios Documents Development: No permissions used (might be passed through, but not interpreted) Runtime: Admin or enduser knows the permissions, assigned by a user to the documents End-User Collaboration Scenario CMIS Application CMIS Application permissions

Scenarios Documents Development: Usage of Permissions is being coded into the application Runtime: Application Background Tasks CMIS Application CMIS Application permissions mappings? permissions permissions

Recap CMIS Objects

ACL Concept Policies

READ WRITE ALL Read All Delete FileWriteProperty ReadPolicy ReadContent UnfileWriteContent Write WritePolicy ReadProperty Version Permissions ACL Concept

Discussion Topics  Assumption: unified user base  no user discovery, no mapping (within the scope of CMIS) ok ?  Scenario: flexible mapping („level 1“) vs. known permissions („level 2“) ?  Permissions (Level 2): extended permissions required vs. Read/Write/All ?  Modelling of ACLs: Policies vs. Properties ? [if policies] entire ACL vs. individual ACEs as Policy ?  Format for ACLs: XACML vs. XML vs. other format ? format for principals (plain ID vs. type info + ID) ?  ACL Assignment: atomic action when creating an object vs. inheritance ?  ACL Inheritance: on create vs. create + lifetime ?

Revised proposal outline  GetACLs()  A collection of ACEs that are: (,, boolean isInherited)  DeleteACE() – or SET  MUST fail is ACE isInherited  AddACE() – or SET  MUST fail is object is not securable or repository does not support setting ACLs.  RepositoryInfo:  ACLSupportLevel: None, Get, Set  Object Type definition includes:  isSecurable  Note: This proposal models ACLs as separate from policies (likely as a service on objects)  Open questions:  Need to make sure that there’s a way to express that a system has ACLs per-container and not per-document.  Can we now delete Policies from the spec entirely?  Is the permission set extensible or fixed?  What rights do you need to get or set ACLs?  Can we leverage the XACML standard for this capability? (Seems like no, so far)  Need to make sure that we’re leveraging the knowledge/best practices?  Why do we think we’ll succeed with an ACL approach (vs. policies) when iECM/JCR have gone the other way?  Need to make sure that we’ve covered the basic collaborative cases (e.g. team sites, wikis, “my” content)…  Out-of-scope:  Repository offers no guarantee that the ACL list is complete (E.g. we won’t expose DENY rights, etc.)  There’s no explicit statement about how to compute effective permissions for a user from the ACL (e.g. how inheritance/precedence of ACLs works)