Changes between Version 9 and Version 10 of JuergeN
- Timestamp: 18.07.2011 17:53:08 (13 years ago)
JuergeN
v9 v10 80 80 Which operations does the server offer/allow on objects and associations? 81 81 We need to define a list of valid operations for Topics Associations and ~Types. Those are: 82 * create ( CreateTopic / CreateAssociation / CreateTopicType / CreateAssociationType)82 * create (createTopic / createAssociation / createTopicType / createAssociationType) 83 83 * update/modify 84 84 * delete … … 98 98 * member (workspace) 99 99 * peer/manager/editor 100 * everyone 100 * everyone (=every user) 101 * anonymous 101 102 102 103 Roles should be assined to users and groups. … … 104 105 105 106 === Attributes === 106 Every object should have a set of inherent attributes ( properties), e.g.107 Every object should have a set of inherent attributes ( which may be properties or associations), e.g. 107 108 * create time 108 109 * modify time 109 110 * access time 110 * not : creator -> association111 * not : owner -> association111 * not property: creator -> association 112 * not property: owner -> association 112 113 * ro 113 * not : hidden -> association (viewable e.g. based on context)114 * not property: hidden -> association (viewable e.g. based on context) 114 115 * private (interface shortcut for ACL) 115 116 * isolated (=object cannot be associated) (insterface shortcut for ACL) 116 * not : label -> association -> name/label117 * not property: label -> association -> name/label 117 118 118 119 === Access Control Lists === 119 Every object (nodes and edges) shall have inherent ACLs (properties) .120 * Group A: read (r)121 * Group B: read ,update,delete (rud)122 * everyone: read (r)123 * user(n): associate (a) 120 Every object (nodes and edges) shall have inherent ACLs (properties) to define permissions on this object. 121 * Group A: read only (ro) 122 * Group B: read write (rw) incl. delete 123 * everyone: read only (ro) 124 * user(n): associate (a) (create an association towards this object) 124 125 125 126 Questions: How do ACLs relate to edges? 
May one see the association to a hidden object? … … 127 128 ACLs can be set on user and group level. 128 129 130 === Operation Control List === 131 Especially for TopicType and WorkSpace, we need to define who may do what by role and operation on the object. It defines e.g if user may create or search an instance of an object, user may join a certain workspace, create (and send) an email (function) or in general who may use domain specific functions. 132 The operation is to a certain role: 133 134 * role: operation 135 * member: createInstance 136 129 137 === Locations === 130 138 131 139 Operations could be limited through location address (localhost, 192.168.0.1, etc.), Just like in Apache or 'MySQL' 140 Location shall be part of the Token to allow certain operations only from localhost, or IP XXX.YYY.ZZZ.ABC 141 e.g. when uploading a file it is important to know if you work on localhost (just add a link) or if working on a remote server then open upload dialogue. 142 143 === Token === 144 145 Server creates Token for user and validates the token (like Kerberos or OpenAuth).
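Review bot: In the roles list (new lines 100-101), `anonymous` is added next to `everyone (=every user)` without saying whether anonymous requests count as part of everyone. The ACL example further down grants `everyone: read only (ro)`, so the answer decides whether that entry exposes an object to unauthenticated access. Suggest stating explicitly that everyone covers authenticated users only and that anonymous must be granted separately, or the reverse if that is the intent.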
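Review bot: In the Access Control Lists example (new lines 121-123), replacing `read,update,delete (rud)` with `read write (rw) incl. delete` removes the ability to grant update without delete, although the operations list at lines 83-84 keeps update/modify and delete as separate operations. Suggest keeping one letter per operation so that a group can be given update rights alone. The abbreviation `ro` also already appears as an attribute at line 112 of the Attributes list, so the text should say whether that attribute and the ACL permission are the same thing.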
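Review bot: In the Locations and Token sections (new lines 140-145), `Location shall be part of the Token` does not say who determines the location or when it is checked. Since the server creates and validates the token, suggest stating that the server takes the location from the address of the connection it observes, at issue time and on every validation, rather than from a value the client supplies. The upload example (add a link on localhost, open an upload dialogue on a remote server) is a user-interface decision and would read more clearly if kept apart from the access restriction. In the same hunk, the new Operation Control List section leaves `The operation is to a certain role:` unfinished and does not say how an OCL entry and an object's ACL combine when both apply.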