Canoga Access Control List Design
Summary
Whenever Chandler repository data is accessed remotely, we need an appropriate security model to make sure only intended remote users with the right privileges access and edit the repository data. We use Access Control Lists as the security model in Canoga and this document describes the details of the Canoga access control list model.
Terminology
- Permission Level - A privilege or right that an authenticated user has. It is usually used in the context of an AccessControlList attached to a shared item or View, in which case the permission level determines the rights of particular user(s) to the remote item or view.
- In Canoga, we have 3 permission levels:
  - Private: No remote access is permitted for this item or collection
  - Read-only: Can only be viewed, not edited
  - Editable: Read, write, create and delete privileges, as well as the ability to further give (or revoke) other users' permissions on the unit of sharing. Also includes the ability to delete the unit of sharing.
- [Note: as of 30 Mar 2004, we removed "Admin" privileges and collapsed its privileges into "Editable"]
- See also CanogaAccessControlListDesign for application of PermissionLevel
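A sketch of how the three levels could be enforced on one unit of sharing, added here as an example and not taken from Chandler or Canoga code. The class, the operation names, the seeded initial entries, and treating a user with no entry as Private are all assumptions; the user names are constructed.

```python
from enum import IntEnum


class PermissionLevel(IntEnum):
    PRIVATE = 0    # no remote access
    READ_ONLY = 1  # view only
    EDITABLE = 2   # read/write/create/delete, give or revoke, delete the share


# Minimum level each remote operation needs (operation names are assumptions).
REQUIRED = {
    "read": PermissionLevel.READ_ONLY,
    "write": PermissionLevel.EDITABLE,
    "create": PermissionLevel.EDITABLE,
    "delete": PermissionLevel.EDITABLE,
    "set_permission": PermissionLevel.EDITABLE,
    "delete_share": PermissionLevel.EDITABLE,
}


class AccessControlList:
    """ACL attached to one unit of sharing (an item or a collection)."""

    def __init__(self, initial=None):
        # Assumption: the local owner seeds the first entries outside the
        # remote permission check.
        self._levels = dict(initial or {})

    def level_of(self, user):
        # A user with no entry is treated as PRIVATE (default deny).
        return self._levels.get(user, PermissionLevel.PRIVATE)

    def is_allowed(self, user, operation):
        required = REQUIRED.get(operation)
        if required is None:
            return False  # unknown operations are denied, not guessed at
        return self.level_of(user) >= required

    def set_level(self, actor, target, level):
        # Giving and revoking are both part of EDITABLE, so any editor may
        # change any other user's level, including another editor's.
        if not self.is_allowed(actor, "set_permission"):
            raise PermissionError(f"{actor} may not change permissions")
        level = PermissionLevel(level)
        if level is PermissionLevel.PRIVATE:
            self._levels.pop(target, None)  # revoke: back to default deny
        else:
            self._levels[target] = level
```

Because "Admin" was folded into "Editable", the last two lines of `set_level` mean one editor can remove another editor's access entirely, which is the coarse-grained trade-off the design accepts.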
Use Cases and Design Motivation
Use cases related to access control lists are all sharing use cases. Also related are any use cases that use the Chandler repository as a platform and require access to a remote Chandler repository through some as-yet-undesigned API.
We are taking a "liberal" approach to permissions and access control. We observe that the OSAF wiki is open to everyone, and there have been only a handful of cases where we had to intervene to restore wiki content. This motivates us to keep the permission levels simple (private, read-only, editable) but coarse-grained.
Structure
Workflows
Feature List
Open Issues
Notes
Contributors
Comments Welcome
A use case that may not be covered by the levels mentioned above is when someone needs to add a calendar or todo item for someone else, e.g. an administrative assistant should be able to insert items and view items but not necessarily delete or edit items.
-- MikeT - 31 Mar 2004