Changes between Version 9 and Version 10 of JuergeN


Timestamp:
18.07.2011 17:53:08 (13 years ago)
Author:
JuergeN
Comment:

--

  • JuergeN

    v9 v10  
    8080Which operations does the server offer/allow on objects and associations? 
    8181We need to define a list of valid operations for Topics Associations and ~Types. Those are: 
    82  * create (CreateTopic / CreateAssociation / CreateTopicType / CreateAssociationType) 
     82 * create (createTopic / createAssociation / createTopicType / createAssociationType) 
    8383 * update/modify 
    8484 * delete 
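Review bot: the rename at line 82 gives only "create" a per-type method name (createTopic / createAssociation / createTopicType / createAssociationType), while "update/modify" and "delete" at 83-84 keep no such counterparts; since the section's purpose is a list of valid operations the server will allow, every operation that is to be authorized should be named the same way (e.g. updateTopic, deleteTopic), otherwise the permission checks in the ACL section below have nothing concrete to refer to for update and delete.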
     
    9898 * member (workspace) 
    9999 * peer/manager/editor 
    100  * everyone 
     100 * everyone (=every user) 
     101 * anonymous 
    101102 
    102103Roles should be assined to users and groups. 
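Review bot: the newly added "anonymous" role at line 101 is not distinguished from "everyone (=every user)" at line 100, and the difference decides whether an unauthenticated client receives the "everyone: read only" grant used later in the ACL examples; state explicitly that "everyone" means every authenticated user and "anonymous" means an unauthenticated session (or the reverse, if intended), and which of the two the default ACL entries refer to. Minor: "assined" at line 103 should read "assigned".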
     
    104105 
    105106=== Attributes === 
    106 Every object should have a set of inherent attributes (properties), e.g. 
     107Every object should have a set of inherent attributes ( which may be properties or associations), e.g. 
    107108 * create time 
    108109 * modify time 
    109110 * access time 
    110  * not: creator -> association 
    111  * not: owner -> association 
     111 * not property: creator -> association 
     112 * not property: owner -> association 
    112113 * ro 
    113  * not: hidden -> association (viewable e.g. based on context) 
     114 * not property: hidden -> association (viewable e.g. based on context) 
    114115 * private (interface shortcut for ACL) 
    115116 * isolated (=object cannot be associated) (insterface shortcut for ACL) 
    116  * not: label -> association -> name/label 
     117 * not property: label -> association -> name/label 
    117118 
    118119=== Access Control Lists === 
    119 Every object (nodes and edges) shall have inherent ACLs (properties).  
    120  * Group A: read (r) 
    121  * Group B: read,update,delete (rud) 
    122  * everyone: read (r) 
    123  * user(n): associate (a) 
     120Every object (nodes and edges) shall have inherent ACLs (properties) to define permissions on this object.  
     121 * Group A: read only (ro) 
     122 * Group B: read write (rw) incl. delete 
     123 * everyone: read only (ro) 
     124 * user(n): associate (a) (create an association towards this object) 
    124125 
    125126Questions: How do ACLs relate to edges? May one see the association to a hidden object? 
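Review bot: the permission set at lines 121-124 (ro, rw incl. delete, a) no longer maps onto the operations defined earlier (create, update/modify, delete); "read write (rw) incl. delete" merges update and delete, which the previous version kept apart as "rud", so a role that may edit an object but not delete it can no longer be expressed. Either keep delete as a separate permission or state that merging it is intentional. The open question at line 127 about associations to hidden objects also needs a default: the safe choice is that an edge is only visible when the reader has read permission on both endpoints, otherwise the existence of a hidden object leaks through its associations.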
     
    127128ACLs can be set on user and group level. 
    128129 
     130=== Operation Control List === 
     131Especially for TopicType and WorkSpace, we need to define who may do what by role and operation on the object. It defines e.g if  user may create or search an instance of an object, user may join a certain workspace, create (and send) an email (function) or in general who may use domain specific functions.   
     132The operation is to a certain role:  
     133  
     134 * role: operation 
     135 * member: createInstance  
     136 
    129137=== Locations === 
    130138 
    131139Operations could be limited through location address (localhost, 192.168.0.1, etc.), Just like in Apache or 'MySQL' 
     140Location shall be part of the Token to allow certain operations only from localhost, or IP XXX.YYY.ZZZ.ABC 
     141e.g. when uploading a file it is important to know if you work on localhost (just add a link) or if working on a remote server then open upload dialogue. 
     142 
     143=== Token === 
     144 
     145Server creates Token for user and validates the token (like Kerberos or OpenAuth).
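Review bot: the Token section at lines 143-145 says the server creates and validates the token but not what it contains or what makes it valid (signature or MAC, expiry, revocation), and the location field added at line 140 must be set by the server from the connection it actually observes, not supplied by the client, otherwise the "only from localhost" restriction is satisfied by any client that asserts localhost in its own token. Also note that a source address is a weak basis for authorization behind proxies or NAT, so the location-limited operations at line 139 should be the ones with low impact (such as the upload shortcut described at line 141), not privilege-bearing ones. Minor: if "OpenAuth" at line 145 refers to OAuth, name it as such.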