Time/Place

• Time: 3:00pm Eastern Daylight Time US (UTC-4)
• Call-in: 
  • U.S.A/Canada toll free: 866-740-1260, participant code: 2257295
  • International toll free: http://www.readytalk.com/intl

Attendees

• David Wilcox
• Andrew Woods
• Nick Ruest
• Joshua Westgard
• Stefano Cossu
• Ben Wallberg
• Peter Eichman
• Karen Estlund
• Unknown User (acoburn)
• Jared Whiklo

Agenda

1. Collect stakeholder feedback on Sprint 1
2. Review Phase1 scope/use-cases
   1. Allow admin agent to always have full access to resources and ACLs
   2. Allow admin agent to CRUD ACLs
   3. Allow admin agent to assign ACLs to resources
   4. Allow a specific agent to READ a resource
   5. Allow a specific agent to READ and WRITE a resource
   6. Allow a specific agent to CREATE a resource, but not update it
   7. Allow a specific agent to assign an ACL
   8. Allow a class of agent to do the above (d - g)
   9. Allow a specific agent to do the above over a class of resources (d - g)
   10. Allow a class of agent to do the above over a class of resources (d - g)
   11. When access is denied return a 403 and a body (or link header) with cause
3. What Phase1 requirements must be addressed in Sprint2?
   1. Link header
   2. Remote ACLs
   3. ...
4. Schedule second sprint
5. Discuss Phase2 scope/use-cases
   1. Allow a request from a specific I.P. address (or range?) to do the above for a resource and a class of resources (2.d - g)
   2. Enforce authorization policy on a resource (or class of resources) based on that resource's association to a licenses (or tag)
   3. Enforce datetime sensitive authorization polices (i.e. embargos / leases)
   4. Allow authorization decisions based on nested ACLs (i.e. acl:include)
   5. Demonstrate pattern for enforcing the same authorization decisions as found in the repository in the context of Solr queries

Related Documents

• https://www.w3.org/wiki/WebAccessControl
• https://github.com/duraspace/pcdm/wiki#webacl
• Authorization Delegates
• http://www.w3.org/ns/auth/acl

Minutes