Hydra Tech Call 2016-09-07

Time: 9:00am PDT / Noon EDT

Call-In Info: 1-641-715-3660, access code 651025

Moderator: @cam156

Notetaker: @Esmé Cowles

Attendees

  • @cam156

  • @Esmé Cowles

  • @Steven Ng

  • @Anna Headley

  • @Adam Wead

  • @Jeremy Friesen

  • @Jennifer Lindner

  • @justin

  • @Andrew Myers

  • @Michael Joseph Giarlo

  • @Trey Pendragon

  • @Lynette Rayle

Agenda

  1. Roll call by timezone per following order - ensure notetaker is present

    1. folks outside North and South America

    2. Eastern timezone

    3. Central timezone

    4. Mountain timezone

    5. Pacific timezone

    6. folks who were missed or who dialed in during roll call

  2. Call for additional agenda items (moderator)

  3. Admin access to repo objects: ability or WebAC? (Giarlo)

    1. Mike: Different approaches to providing administrative access (unlimited/unrestricted access to all objects)

      1. Role-based (persisted in repository)

      2. An ability that's enforced in code: very easy

    2. Carolyn: Scholarsphere uses a CanCan ability

    3. Justin: You also need to handle SearchBuilders to make sure queries reflect admin abilities

      1. It also helps interoperability if the admin role is persisted in the repository

    4. Jeremy: We also had ability-based admin rights

    5. Trey: CC has roles in Fedora, but the permissions are defined in the ability, so there's a split between who can edit and what edit means

    6. Justin: For example, does "edit" mean you can edit the AdminSet?

    7. Mike: How does access control get persisted? Surely not adding a user to each resource?

    8. Justin: Using groups

    9. Justin: Also good to have different sets of admins for different collections

      1. Lynette: We have that use case at Cornell

    10. Justin: Not a good idea to include group membership in Fedora, since you probably already have an external system for that and don't want to manage it in multiple places

    11. Trey: Maybe it would be useful to simplify preserving group membership?

    12. Jeremy: We are separating groups from roles: groups are proxies for users, roles are proxies for actions

    13. Justin: That doesn't line up with the WebAC draft spec; you may want to bring up that distinction

    14. Lynette: We've been thinking about groups and roles being separate too

    15. Mike: Not ready to move this forward, but expect to put them in the repository for maximum interoperability

  4. Moderator/notetaker for next time:

    1. Moderator: @Steven Ng

    2. Notetaker: @Jeremy Friesen