...
- Collect stakeholder feedback on Sprint 1
- Review Phase1 scope/use-cases
- Allow admin agent to always have full access to resources and ACLs
- Allow admin agent to CRUD ACLs
- Allow admin agent to assign ACLs to resources
- Allow a specific agent to READ a resource
- Allow a specific agent to READ and WRITE a resource
- Allow a specific agent to CREATE a resource, but not update it
- Allow a specific agent to assign an ACL
- Allow a class of agent to do the above (d - g)
- Allow a specific agent to do the above over a class of resources (d - g)
- Allow a class of agent to do the above over a class of resources (d - g)
- When access is denied return a 403 and a body (or link header) with cause
- What Phase1 requirements must be addressed in Sprint2?
- Link header
- Remote ACLs
- ...
- Schedule second sprint
- Discuss Phase2 scope/use-cases
- Allow a request from a specific I.P. address (or range?) to do the above for a resource and a class of resources (2.d - g)
- Enforce authorization policy on a resource (or class of resources) based on that resource's association to a licenses (or tag)
- Enforce datetime sensitive authorization polices (i.e. embargos / leases)
- Allow authorization decisions based on nested ACLs (i.e. acl:include)
- Demonstrate pattern for enforcing the same authorization decisions as found in the repository in the context of Solr queries
...