wiki:JuergeN/Notes

Version 1 (modified by JuergeN, 13 years ago) (diff)

--

Striked-through items have been transfered to ticket-system or elsewhere or are obsolet.

Julian Priest, Wed, 3 Aug 2011

hey juergen,

thanks have installed and it all looks good.

contacts import would be a good feature for mapping your personal networks - and nice to not be posting it to the world!

the html interface seems really good and reckon a .deb installer would be a boost too.

cheers

/julian

Notes from 18.07.2011 jpn,jri,dgf

Notes from 16.07.2011

  • Define Words for DeepaMehta Application Server and DeepaMehta Standard GUI to clearify
  • Write Documentation
  • Clearify License Terms and Fullfillment in distribution~~

Notes from Gilleleje 09./10.07.2011

  • HTML5 approach for user-interface is the right direction
  • A text based interface would be cool for testing (Eclipse?)
  • What can we learn from LDAP especially in terms of LDIF and syncronisation?
  • We need a glossary. What is a workspace (=domain?)
  • Associations may also be functions or transformations. How could this be handled in the user-interface?
  • Workspaces could suggest predefined ACL settings like a private, family or job workspace
  • What hooks do we need? cron, timer, event handler ...
  • Can we use OWL? What would be missing?
  • Describe a valid file for ObjectClass?, AssociationType? and their instances
  • Binary Content shall be stored in filesystem or in database like Couche-DB (including full-text index and versioning)
  • make concept for versioning (of content)
  • Define more pre-defined edges (like order or critical path)
  • change edges to Bezier curves
  • adding weight to edges could be useful
  • Do we switch to a new Version Name DeepaMehta 4?

Urgently Missing Concepts for Operational Platform

Security Concept

Especially today with all the myfaces and other social networks out there, the sensitivity for data security is widely rising. Not just for that reason, but also because it is my personal precondition, I want DeepaMehta to be a very secure application. Therefore I think that the following concepts should all go into the core of DeepaMehta and no workarround should be implemented at any time or for any reason. In a later version we might even implement a GPG like public private key data encryption.

User Concept

Every operation in DeepaMehta should be done by an identified user. Users (and groups) should be handled through UID (and GID)

 SYSTEM
   |
  root 
   |
  user(n)
   |
 anonymous
   |
 nobody(?)

Every user should have their own group (like in UNIX)

Secure Passwords

Passwords should be stored securely, hashes with salt etc. (do research)

Operations

Which operations does the server offer/allow on objects and associations? We need to define a list of valid operations for Topics Associations and ~Types. Those are:

  • create (createTopic / createAssociation / createTopicType / createAssociationType)
  • update/modify
  • delete
  • get/read (by ID/Value)
  • search/scan
  • navigate (what's related?)
  • still missing: equals/compare(true/false)

Roles

Valid operations should be defined/idenfied through roles (via Tokens), like

  • SYSTEM
  • administrator
  • creator
  • owner
  • member (workspace)
  • peer/manager/editor
  • everyone (=every user)
  • anonymous

Roles should be assined to users and groups.

Attributes

Every object should have a set of inherent attributes ( which may be properties or associations), e.g.

  • create time
  • modify time
  • access time
  • not property: creator -> association
  • not property: owner -> association
  • ro
  • not property: hidden -> association (viewable e.g. based on context)
  • private (interface shortcut for ACL)
  • isolated (=object cannot be associated) (insterface shortcut for ACL)
  • not property: label -> association -> name/label

Access Control Lists

Every object (nodes and edges) shall have inherent ACLs (properties) to define permissions on this object.

  • Group A: read only (ro)
  • Group B: read write (rw) incl. delete
  • everyone: read only (ro)
  • user(n): associate (a) (create an association towards this object)

Questions: How do ACLs relate to edges? May one see the association to a hidden object?

ACLs can be set on user and group level.

Operation Control List

Especially for TopicType? and WorkSpace?, we need to define who may do what by role and operation on the object. It defines e.g if user may create or search an instance of an object, user may join a certain workspace, create (and send) an email (function) or in general who may use domain specific functions. The operation is to a certain role:

  • role: operation
  • member: createInstance

Locations

Operations could be limited through location address (localhost, 192.168.0.1, etc.), Just like in Apache or 'MySQL' Location shall be part of the Token to allow certain operations only from localhost, or IP XXX.YYY.ZZZ.ABC e.g. when uploading a file it is important to know if you work on localhost (just add a link) or if working on a remote server then open upload dialogue.

Token

Server creates Token for user and validates the token (like Kerberos or OpenAuth).