...
- Address concerns with current design:
- persistence of ACLs for external nodes
- limitations of implemented inheritance/override model
- Overview of XACML policies and policy sets
- peek at the JBOSS policy engine
- Begin a new XACML design page, i.e. mapping XACML to fedora authz delegate, etc..
- How to specify effective XACML policies for a given node/region?
- How and where to persist policy objects?
- How to map Fedora metadata into XACML request/context attributes
- which attributes are always in the XACML request context?
- which attributes are also available to policies via the attribute finder?
- More???
...
- Kevin S. Clarke Investigate what data is available on incoming authz requests for newly created objects, i.e. in Session
- Do we have enough information via the Path parameter to determine access for metadata? (Implementation-specific identification of readable metadata)
- Eric James Identify trade-offs for different acl persistence strategies.
- Greg Jansen Elaborate on the design enough to make it a topic of the commiter call. (Outline the APIs used and take a use case through the entire sequence of events.)
...