wiki:Modules/Auth

Version 6 (modified by danny, 13 years ago) (diff)

--

Authentication and Authorization module

  • Authentication
    • (local) database
    • OpenId?
    • LDAP
    • IP based
    • ...
  • Authorization
    • Permissions
      • read
      • write (create, update, delete)
      • execute
    • Resources
      • tables
      • rows
      • columns
      • files
    • ...

Please put your requirements here.

Needs of the PhenoFlow module (lifelines, bbmri, gids2.0, col7a1, xgap)

PhenoFlow is the user interface for searching, browsing and extracting phenotype data from the Pheno model. This browsing module will be central in most of our applications.

The systems (that will be) using this module are

  • LifeLines (datawarehouse)
  • BBMRI-NL (biobank catalog) and
  • gids (2.0).
  • COL7A1 Phenotype/Patient? browser (here one gene == one investigation)
  • XGAP data browser

Requirements:

  • Users need to be able to login
  • All registered users have edit permissions to create new investigations
  • All existing investigations can only be listed (names) but no other values
  • All investigations are owned by one or more persons
  • If not yet owned, users can request to become manager of an investigation.
  • Otherwise users can request read access to the investigation
  • Users can create groups of themselves (except for lifelines)
  • Users can share an investigation and all its components to [public, groups, whitelists of users) for viewing
  • The sharing rules can be read or write (so that means they can transfer management of an investigation)
  • All InvestigationElement? inherit the sharing rules set on an investigation (hence, if the investigation is public so are all its elements)
  • Individual investigation elements, and the dataelements that refer to them can have different permissions (lifelines)

Issues:

See www.myexperiment.org for some inspiration on how this 'sharing' model can work. See www.myexperiment.org for some inspiration on how this 'sharing' model can work.

Needs of the xQTL Workbench

Requirements:

General:

  • All data input/output needs to be closed / secured
  • Unregistered users can still view public datasets

User:

  • Users need to be able to register (as users)
  • Confirmation email to the registrar
  • Users need to be able to register/confirm their email
  • Users need to be able to login
  • When loged in users are able to view public datasets and their own datasets

Admin:

  • Administrators need to be able to: Authenticate users, Ban users, Delete unused accounts
  • Administrators are not able to register, view all,execute all
  • Users cannot be promoted to admin, admins cannot be demoted to users
  • Admins donnot register, but are 'hardcoded' into the application