Forum OpenACS Development: Re: XoTCL permissions

Collapse
2: Re: XoTCL permissions (response to 1)
Posted by Gustaf Neumann on 09/08/07 11:29 AM
Malte, i am not sure what you mean by "XoTCL permissions". i have the impression that your are not talking about the policies in xowiki but about the design of a new permission management system. The first question would be the "what" and the second step the "how". If i would reconsider the security management of OpenACS, i would orient it in terminology and semantics on the NIST standard of RBAC. Following standards eases as well the communiication with larger organizations.

We did some work in this direction over the last years (see e.g. the following publication)_

G. Neumann, M. Strembeck: Design and Implementation of a Flexible RBAC-Service in an Object-Oriented Scripting Language, in: Proc. of the 8th ACM Conference on Computer and Communication Security (CCS), Philadelphia, USA, November, 2001. http://wi.wu-wien.ac.at/home/mark/publications/ccs01.pdf

The implementation is available from Mark Strembeck's home-page: http://wi.wu-wien.ac.at/home/mark/xoRBAC/index.html

Collapse
3: Re: XoTCL permissions (response to 2)
Posted by Malte Sussdorff on 09/08/07 04:55 PM
This is interesting, I will take a deeper look into that. Great.

The only thing I guess I was wondering about is if XoTCL Core provides a functionality to check by default the permissions on objects. Therefore, if I want to retrieve object_id 2345 it will first check if I have read permission before allowing me to access it.

In OpenACS this is not possible by default, I need to call "permission::permission_p -object_id 2345 -privilege read". My understanding was that this generic approach could be easily adopted in XoTCL, effectively leaving no object without permissions (by having the filter call permission::permission_p for me on all objects). Does this make more sense?

Thanks for the links, I will look into them in detail later this weekend. And yes you are right, I was not talking about the xowiki policies. Out of curiosity, why did you not base them on xoRBAC? Or should I first read the whole documentation before asking the question as you might have done so?