1. CMIS ACL-Proposal
26-28 Jan 2009

2. Motivation: Scenarios
Policies: Recap
ACL Concept
Proposal: Discussion Topics

3. Scenarios End-User Collaboration Scenario
Development: No permissions used (might be passed through, but not interpreted)
Runtime: Admin or enduser knows the permissions, assigned by a user to the documents
CMIS
Application
CMIS
Application
permissions
Documents

4. Scenarios Background Tasks
Development: Usage of Permissions is being coded into the application
Runtime: Application
per-
missions
permissions
mappings?
CMIS
Application
CMIS
Application
permissions
Documents

5. Recap
CMIS Objects

6. ACL Concept
Policies

7. ACL Concept Permissions All Write Read WritePolicy Delete
WriteProperty
WriteContent
File
Unfile
Version
READ
Read
ReadProperty
ReadContent
ReadPolicy

8. Discussion Topics
Assumption: unified user base  no user discovery, no mapping (within the scope of CMIS) ok ?
Scenario: flexible mapping („level 1“) vs. known permissions („level 2“) ?
Permissions (Level 2): extended permissions required vs. Read/Write/All ?
Modelling of ACLs: Policies vs. Properties ? [if policies] entire ACL vs. individual ACEs as Policy ?
Format for ACLs: XACML vs. XML vs. other format ? format for principals (plain ID vs. type info + ID) ?
ACL Assignment: atomic action when creating an object vs. inheritance ?
ACL Inheritance: on create vs. create + lifetime ?