...
- Time: 10:00am PDT / 1:00pm EDT
ZOOM connection: https://notredame.zoom.us/j/94030214208
(link will launch Zoom client – if you do not have Zoom, expand the instructions below)Expand title Click to view telephone/H.323/SIP connection instructions Meeting ID: 940 3021 4208
One tap mobile
- +13017158592,,94030214208# US (Germantown)
- +13126266799,,94030214208# US (Chicago)
Dial by your location
- +1 301 715 8592 US (Germantown)
- +1 312 626 6799 US (Chicago)
- +1 646 558 8656 US (New York)
- +1 253 215 8782 US (Tacoma)
- +1 346 248 7799 US (Houston)
- +1 669 900 6833 US (San Jose)
Meeting ID: 940 3021 4208
Find your local number: https://notredame.zoom.us/u/aPls29JbL
Join by SIP 94030214208@zoomcrc.com
Join by H.323
- 162.255.37.11 (US West)
- 162.255.36.11 (US East)
- 115.114.131.7 (India Mumbai)
- 115.114.115.7 (India Hyderabad)
- 213.19.144.110 (EMEA)
- 103.122.166.55 (Australia)
- 64.211.144.160 (Brazil)
- 69.174.57.160 (Canada)
- 207.226.132.110 (Japan)
Meeting ID: 940 3021 4208
Agenda
(meeting notes below)
- Topics from May 2021 Dev Congress
- Hyrax ACL & Authorization Group Whiteboarding
Facilitators: Lynette Rayle, tamsin johnson, Jeremy Friesen
...
- select one topic for today - ACL & Authorization Group
- Nested Indexing will be tomorrow
- Work is not visible to owner in a mediated workflow if embargo selected - https://github.com/samvera/hyrax/issues/3817
- more discussed in issue regarding permissions than just this described issue
- short-circuiting ability class
- controller logic doesn't necessarily make sense for why you would be there
- sipity workflow lands you in this spot, it looks like
- implementation rule suggestion: way we determine object level access is through ACL only
- object has ACL with permissions assigned (mode and agent/user/group)
- ACL handles read, discover, edit over users and groups
- always positive access grant
- this issue creates circumstance where particular user (depositor) does have read access even though there is no ACL that grants that access - that should be wrong if we go with ACL-defined access
- one caveat: Fedora has object status (inactive or active) - Hyrax only uses inactive and that underlies "suppress"
- ACL and suppress flags are re-implemented in Valkyrie adapters, by the way
- how is strictly following ACL problematic?
- IU and Avalon permissions are not necessarily just object level permissions so there are other things to consider
- object permissions should maybe refer to repository object permissions (PCDM-level considerations, so file or fileset or collection or repository object)
- sipity workflow and its understanding of permissions
- state machine that sipity knows is state of workflow (so not Fedora active/inactive object state)
- knows who can take an action for a given workflow state
- when state changes, sipity should be able to modify ACLs
- there's some dangers there since other people could modify ACLs on object that would conflict with sipity modifying ACLs
- for things that have ACLs, the ACL is the law
- workflow authorization (sipity engine determines if user is in role that can do an action/state transition)
- cancan authorization (mostly, what a user can do from controllers - is user authorized to view page/download object)
- these 2 authorizations are floating above ACLs and should respect ACLs
- getting sipity to follow rules that way can cause the conflict described earlier when state changes
- use cases: https://docs.google.com/spreadsheets/d/1WWrMgcVo9nF_EdyFuD6npNg4_CV4nMU55DMTCP0-rkk/edit#gid=0
- user role and state make difference for permissions
- Avalon doesn't use self-deposit
- group level permissions based on state in deposit cycle (published or not published in Avalon, for example)
- group can read item if item is published - example
- sipity functions can change ACLs but this can make implementing these example use cases challenging
- on tech side, stick with ACL model or not; if not, different conceptual model needed for granting ACLs
- having exceptions to ACLs is suspected to be causing buggy behavior
- use case examples can be represented in database so it might not be difficult to represent them for look-up
- Hyrax codebase is not implementing this via database; layering on top of ACLs with complicated logic checks that are hard to decipher