Presentation is loading. Please wait.

Presentation is loading. Please wait.

CMIS ACL-PROPOSAL 26-28 Jan 2009.  Motivation: Scenarios  Policies: Recap  ACL Concept  Proposal: Discussion Topics.

Published byDaniel Cunningham Modified over 9 years ago

Similar presentations

Presentation on theme: "CMIS ACL-PROPOSAL 26-28 Jan 2009.  Motivation: Scenarios  Policies: Recap  ACL Concept  Proposal: Discussion Topics."— Presentation transcript:

1 CMIS ACL-PROPOSAL 26-28 Jan 2009

2  Motivation: Scenarios  Policies: Recap  ACL Concept  Proposal: Discussion Topics

3 Scenarios Documents Development: No permissions used (might be passed through, but not interpreted) Runtime: Admin or enduser knows the permissions, assigned by a user to the documents End-User Collaboration Scenario CMIS Application CMIS Application permissions

4 Scenarios Documents Development: Usage of Permissions is being coded into the application Runtime: Application Background Tasks CMIS Application CMIS Application permissions mappings? permissions per- missions

5 Recap CMIS Objects

6 ACL Concept Policies

7 READ WRITE ALL Read All Delete FileWriteProperty ReadPolicy ReadContent UnfileWriteContent Write WritePolicy ReadProperty Version Permissions ACL Concept

8 Discussion Topics  Assumption: unified user base  no user discovery, no mapping (within the scope of CMIS) ok ?  Scenario: flexible mapping („level 1“) vs. known permissions („level 2“) ?  Permissions (Level 2): extended permissions required vs. Read/Write/All ?  Modelling of ACLs: Policies vs. Properties ? [if policies] entire ACL vs. individual ACEs as Policy ?  Format for ACLs: XACML vs. XML vs. other format ? format for principals (plain ID vs. type info + ID) ?  ACL Assignment: atomic action when creating an object vs. inheritance ?  ACL Inheritance: on create vs. create + lifetime ?

9 Revised proposal outline  GetACLs()  A collection of ACEs that are: (,, boolean isInherited)  DeleteACE() – or SET  MUST fail is ACE isInherited  AddACE() – or SET  MUST fail is object is not securable or repository does not support setting ACLs.  RepositoryInfo:  ACLSupportLevel: None, Get, Set  Object Type definition includes:  isSecurable  Note: This proposal models ACLs as separate from policies (likely as a service on objects)  Open questions:  Need to make sure that there’s a way to express that a system has ACLs per-container and not per-document.  Can we now delete Policies from the spec entirely?  Is the permission set extensible or fixed?  What rights do you need to get or set ACLs?  Can we leverage the XACML standard for this capability? (Seems like no, so far)  Need to make sure that we’re leveraging the knowledge/best practices?  Why do we think we’ll succeed with an ACL approach (vs. policies) when iECM/JCR have gone the other way?  Need to make sure that we’ve covered the basic collaborative cases (e.g. team sites, wikis, “my” content)…  Out-of-scope:  Repository offers no guarantee that the ACL list is complete (E.g. we won’t expose DENY rights, etc.)  There’s no explicit statement about how to compute effective permissions for a user from the ACL (e.g. how inheritance/precedence of ACLs works)

Download ppt "CMIS ACL-PROPOSAL 26-28 Jan 2009.  Motivation: Scenarios  Policies: Recap  ACL Concept  Proposal: Discussion Topics."

Similar presentations

Introduction to Product Family Engineering. 11 Oct 2002 Ver 2.0 ©Copyright 2002 Vortex System Concepts 2 Product Family Engineering Overview Project Engineering.

Introduction to Product Family Engineering. 11 Oct 2002 Ver 2.0 ©Copyright 2002 Vortex System Concepts 2 Product Family Engineering Overview Project Engineering.
Top 10 things you need to know about SharePoint Site Administration

Top 10 things you need to know about SharePoint Site Administration
How did we get here? (CMIS v0.5) F2F, January 2009.

How did we get here? (CMIS v0.5) F2F, January 2009.
W3C XML Schema: what you might not know (and might or might not like!) Noah Mendelsohn Distinguished Engineer IBM Corp. October 10, 2002.

W3C XML Schema: what you might not know (and might or might not like!) Noah Mendelsohn Distinguished Engineer IBM Corp. October 10, 2002.
New Challenges for Access Control April 27, 2005 1 Improving Usability and Expressiveness with Dynamic Policies and Obligations Dennis Kafura Markus Lorch.

New Challenges for Access Control April 27, Improving Usability and Expressiveness with Dynamic Policies and Obligations Dennis Kafura Markus Lorch.
Requirements Engineering n Elicit requirements from customer  Information and control needs, product function and behavior, overall product performance,

Requirements Engineering n Elicit requirements from customer  Information and control needs, product function and behavior, overall product performance,
Windows SharePoint Services: Advancements In Document, Content, And Data Storage Dustin Friesenhahn OFF409 Program Manager Microsoft Corporation.

Windows SharePoint Services: Advancements In Document, Content, And Data Storage Dustin Friesenhahn OFF409 Program Manager Microsoft Corporation.
Oracle Beehive Vivek Pavle Orabyte LLC www.orabyte.com Orabyte.

Oracle Beehive Vivek Pavle Orabyte LLC Orabyte.
1 Workshop on Metadata Interoperability for Electronic Records Management November 15, 2001 Archives II, College Park, MD.

1 Workshop on Metadata Interoperability for Electronic Records Management November 15, 2001 Archives II, College Park, MD.
Building Personal Collections and Networks of Digital Objects in a Fedora Repository Using VUE Anoop Kumar Nikolai Schwertner Tufts University Fedora User.

Building Personal Collections and Networks of Digital Objects in a Fedora Repository Using VUE Anoop Kumar Nikolai Schwertner Tufts University Fedora User.
ADML A result of cooperation and leverage! The Open Group W3C OMG MCC CMU.

ADML A result of cooperation and leverage! The Open Group W3C OMG MCC CMU.
UW-Madison PKI Lab Keith Hazelton Principal Investigator, UW-Madison PKI Lab Senior IT Architect, UW-Madison PKI Summit, Snowmass, 9-Aug-01.

UW-Madison PKI Lab Keith Hazelton Principal Investigator, UW-Madison PKI Lab Senior IT Architect, UW-Madison PKI Summit, Snowmass, 9-Aug-01.
A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.

A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.
XML, DITA and Content Repurposing By France Baril.

XML, DITA and Content Repurposing By France Baril.
1 Developing Rules Driven Workflows in Windows Workflow Foundation Jurgen Willis COM318 Program Manager Microsoft Corporation.

1 Developing Rules Driven Workflows in Windows Workflow Foundation Jurgen Willis COM318 Program Manager Microsoft Corporation.
 Name: Hatem elbuhaisi  Name no: 120100071  University of Palestine  Miss : yasmen elboboo  Chairing Information Technology Hands-On Microsoft Windows.

 Name: Hatem elbuhaisi  Name no:  University of Palestine  Miss : yasmen elboboo  Chairing Information Technology Hands-On Microsoft Windows.
Security Aspects Of Directory Enabled Applications Praerit Garg Program Manager Windows NT Security Microsoft Corporation.

Security Aspects Of Directory Enabled Applications Praerit Garg Program Manager Windows NT Security Microsoft Corporation.
1 A Role Based Administration Model For Attribute Xin Jin, Ram Krishnan, Ravi Sandhu SRAS, Sep 19, 2012 World-Leading Research with Real-World Impact!

1 A Role Based Administration Model For Attribute Xin Jin, Ram Krishnan, Ravi Sandhu SRAS, Sep 19, 2012 World-Leading Research with Real-World Impact!
● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0.

● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0.
Content Management Interoperability Services (CMIS)

Content Management Interoperability Services (CMIS)

Similar presentations

Ads by Google