...
- Collect stakeholder feedback on Sprint 1
- UMD Stakeholder Feedback on Phase 1
- Can we involve stakeholders during the sprint?
- What Phase 1 requirements must be addressed in Sprint 2?
- Previously defined Phase 1 requirements
- Additional and restated requirements below
- Schedule Sprint 2 planning meeting: Oct 26
Candidate Sprint 2 Requirements
- Enforce ACLs on ACL resources with filesystem-based backstop
- Add ACL URIs to response headers as "Link: <acl-uri>; rel=acl"
- Implement acl:Control, acl:Append, and acl:Delete modes
- F4 MUST provide a way for external services such as Solr to enforce the authorization rules defined in the repository
- Enforce ACLs on binary files
- More documentation
- Support external ACLs (ACLs not managed by Fedora)
- Add support for agentClass graphs defined within F4
- Add support for agentClass graphs defined external to F4
- Verify header-based (delegated) authentication is supported (where headers are used to define the effective agent, independent of any container-based AuthN)
- Support for inclusion of other ACLs via acl:include
- Fix bug with versioned resources: FCREPO-1760
- Make webac and audit default configuration in fcrepo-webapp-plus: FCREPO-1773
Related Documents
- https://www.w3.org/wiki/WebAccessControl
- https://github.com/duraspace/pcdm/wiki#webacl
- Authorization Delegates
- http://www.w3.org/ns/auth/acl
Minutes
Collect stakeholder feedback on Sprint 1
- Suggestion: Include stakeholders during sprint-2 to help work through issues with sprint-1 verification process.
- This should also result in new integration tests (translations of stakeholders' scenarios)
- Additional curl examples for creation and testing may be helpful
- UPDATE 2015-10-20: curl commands for populating a small test repository are here: WebAC Testing: Creating Resources and Authorizations
What Phase 1 requirements must be addressed in Sprint 2?
- https://wiki.duraspace.org/display/FF/Design+-+WebAccessControl+Authorization+Delegate#Design-WebAccessControlAuthorizationDelegate-ProposedRequirements(Phase1)
- Note re: 3a: Sprint-1 implementation does not confine ACLs to reside in a "preconfigured location", but they can instead exist anywhere within the repository.
- Union of DELETE and UPDATE = WRITE
Proposed Sprint-2 Requirements
1. Include in sprint-2: Enforce ACLs...
2. Not high-priority, nice to have: Add ACL...
3. Include in sprint-2: Implement acl:Control...
- Additional meetings/emails required to discuss mode definitions
4. Include in sprint-2: F4 MUST provide...
- Solr: documentation for existing patterns
- Triplestore: investigate approaches and document
- Nick to lead investigation on protecting triplestores
5. Include in sprint-2: Enforce ACLs on binary files
6. Include in sprint-2: More documentation
7. Not high-priority, nice to have: Support external ACLs...
8. Include in sprint-2: Add support for agentClass graphs defined within F4
- and document it
9. Not high-priority, nice to have: Add support for agentClass graphs defined external to F4
- does the resource need to be public or can it be protected?
- not for this sprint, if implemented at all in this sprint
10. Include in sprint-2: Verify header-based...
- More discussion needed to clarify possible scenarios
11. NOT in sprint-2: Support for inclusion of other ACLs via acl:include
- Risk due to vague relationship in spec
12. Include in sprint-2: Fix bug with versioned resources
13. Include in sprint-2: Make webac and audit default configuration in fcrepo-webapp-plus
Developer Sprint-2 Planning Meeting
- 11am meeting on 10/26