Version 1 (modified by JuergeN, 13 years ago) (diff) |
---|
Jürgen Neumann? <j.neumann{at}junes{dot}eu>
Notes from Gilleleje 09./10.07.2011
- HTML5 approach for user-interface is the right direction
- A text based interface would be cool for testing (Eclipse?)
- What can we learn from LDAP especially in terms of LDIF and syncronisation?
- We need a glossary. What is a workspace (=domain?)
- Associations may also be functions or transformations. How could this be handled in the user-interface?
- Workspaces could suggest predefined ACL settings like a private, family or job workspace
- What hooks do we need? cron, timer, event handler ...
- Can we use OWL? What would be missing?
- Describe a valid file for ObjectClass?, AssociationType? and their instances
- Binary Content shall be stored in filesystem or in database like Couche-DB (including full-text index and versioning)
- make concept for versioning (of content)
- Define more pre-defined edges (like order or critical path)
- change edges to Bezier curves
- adding weight to edges could be useful
- Do we switch to a new Version 4.0?
Urgently Missing Concepts for Operational Platform
Security Concept
Especially today with all the myfaces and other social networks out there, the sensitivity for data security is widely rising. Not just for that reason, but also because it is my personal precondition, I want DeepaMehta to be a very secure application. Therefore I think that the following concepts should all go into the core of DeepaMehta and no workarround should be implemented at any time or for any reason. In a later version we might even implement a GPG like public private key data encryption.
User Concept
Every operation in DeepaMehta should be done by an identified user. Users (and groups) should be handled through UID (and GID)
SYSTEM | root | user(n) | anonymous | nobody(?)
Every user should have their own group (like in UNIX)
Secure Passwords
Passwords should be stored securely, hashes with salt etc. (do research)
Operations
We need to define a list of valid operations such as
- create
- modify
- delete
- view/read
- search/scan
- compare(true/false)
Roles
Valid operations should be defined through roles, like
- administrator
- creator
- owner
- peer/manager/editor
- everyone
Roles should be assined to users and groups.
Attributes
Every object should have a set of attributes, e.g.
- create time
- modify time
- access time
- creator
- owner
- ro
- hidden
- private
- isolated (cannot be linked) (?)
- label (?)
Example: _ _ object (_)-----------------(_) user attribute:owner
Access Control Lists
Every object (nodes and edges) shall have ACLs.
- Group A: read only (ro)
- Group B: read write (rw)
- everyone: read only (ro)
Questions: How do ACLs relate to edges? May one see the association to a hidden object?
ACLs can be set on user and group level.
Locations
Operations could be limited through location address (localhost, 192.168.0.1, etc.), Just like in Apache or 'MySQL'