Changes between Version 6 and Version 7 of Modules/Auth


Ignore:
Timestamp:
2010-12-10T11:30:48+01:00 (14 years ago)
Author:
rwagner
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • Modules/Auth

    v6 v7  
    11== Authentication and Authorization module ==
     2== Requirements list ==
     3=== Authentication ===
     4 * Registration of users includes email verification
     5 * Users should be able to login and logout
    26
    3  * Authentication
    4    * (local) database
    5    * OpenId
    6    * LDAP
    7    * IP based
    8    * ...
    9  * Authorization
    10    * Permissions
    11      * read
    12      * write (create, update, delete)
    13      * execute
    14    * Resources
    15      * tables
    16      * rows
    17      * columns
    18      * files
    19    * ...
     7=== Authorization ===
     8 * Resources are tables, rows, columns, files (for pipelines?)
     9 * Subjects are users, groups, public users (unauthenticated) and exactly one administrator
     10 * Permissions include read, write, execute (for pipelines?) and ownership
     11 * Resources must have exactly one user with ownership rights
     12 * Permissions are provided for resources x subjects
     13 * The administrator has all permissions excluding ownership on all resources
     14 * Authenticated users can request permissions for resources. Requests are sent to the user with ownership rights of the resource.
     15 * Groups can be created by users who have write rights on the MolgenisGroup table. The administrator is the owner of the MolgenisGroup table and can delegate rights to other users.
     16 * In case of an UpdateDatabase all permissions are reset (except for administrator)
     17 * The public user has reading permissions on all resources
     18 * Administrator can pass on permissions from parent tables to child tables with a toggle button
    2019
    21 Please put your requirements here.
     20=== Example ===
     21|| || read || write || execute || ownership ||
     22|| User1 || x || x || x || x ||
     23|| User2 || x || || x || -(?) ||
     24|| Group1 || || x || || -(?) ||
     25|| Group2 || x || x || x || -(?) ||
     26|| ... || || || || ||
     27|| Admin || x || x || x || - ||
    2228
    2329== Needs of the PhenoFlow module (lifelines, bbmri, gids2.0, col7a1, xgap) ==
     30PhenoFlow is the user interface for searching, browsing and extracting phenotype data from the Pheno model. This browsing module will be central in most of our applications.
    2431
    25 PhenoFlow is the user interface for searching, browsing and extracting phenotype data from the Pheno model.
    26 This browsing module will be central in most of our applications.
     32The systems (that will be) using this module are
    2733
    28 The systems (that will be) using this module are
    29 * LifeLines (datawarehouse)
    30 * BBMRI-NL (biobank catalog) and
    31 * gids (2.0).
    32 * COL7A1 Phenotype/Patient browser (here one gene == one investigation)
    33 * XGAP data browser
     34 * LifeLines (datawarehouse)
     35 * BBMRI-NL (biobank catalog) and
     36 * gids (2.0).
     37 * COL7A1 Phenotype/Patient browser (here one gene == one investigation)
     38 * XGAP data browser
    3439
    3540Requirements:
    36 * Users need to be able to login
    37 * All registered users have edit permissions to create new investigations
    38 * All existing investigations can only be listed (names) but no other values
    39 * All investigations are owned by one or more persons
    40 * If not yet owned, users can request to become manager of an investigation.
    41 * Otherwise users can request read access to the investigation
    42 * Users can create groups of themselves (except for lifelines)
    43 * Users can share an investigation and all its components to [public, groups, whitelists of users) for viewing
    44 * The sharing rules can be read or write (so that means they can transfer management of an investigation)
    45 * All InvestigationElement inherit the sharing rules set on an investigation (hence, if the investigation is public so are all its elements)
    46 * Individual investigation elements, and the dataelements that refer to them can have different permissions (lifelines)
     41
     42 * Users need to be able to login
     43 * All registered users have edit permissions to create new investigations
     44 * All existing investigations can only be listed (names) but no other values
     45 * All investigations are owned by one or more persons
     46 * If not yet owned, users can request to become manager of an investigation.
     47 * Otherwise users can request read access to the investigation
     48 * Users can create groups of themselves (except for lifelines)
     49 * Users can share an investigation and all its components to [public, groups, whitelists of users) for viewing
     50 * The sharing rules can be read or write (so that means they can transfer management of an investigation)
     51 * All InvestigationElement inherit the sharing rules set on an investigation (hence, if the investigation is public so are all its elements)
     52 * Individual investigation elements, and the dataelements that refer to them can have different permissions (lifelines)
    4753
    4854Issues:
    49 * What about data that is not an Investigation/InvestigationElement?
    5055
    51 See www.myexperiment.org for some inspiration on how this 'sharing' model can work.
    52 See www.myexperiment.org for some inspiration on how this 'sharing' model can work.
     56 * What about data that is not an Investigation/InvestigationElement?
    5357
     58See www.myexperiment.org for some inspiration on how this 'sharing' model can work. See www.myexperiment.org for some inspiration on how this 'sharing' model can work.
    5459
    5560== Needs of the xQTL Workbench ==
    56 
    5761Requirements:
    5862
    5963General:
    6064
    61 * All data input/output needs to be closed / secured
    62 * Unregistered users can still view public datasets
     65 * All data input/output needs to be closed / secured
     66 * Unregistered users can still view public datasets
    6367
    6468User:
    6569
    66 * Users need to be able to register (as users)
    67 * Confirmation email to the registrar
    68 * Users need to be able to register/confirm their email
    69 * Users need to be able to login
    70 * When loged in users are able to view public datasets and their own datasets
     70 * Users need to be able to register (as users)
     71 * Confirmation email to the registrar
     72 * Users need to be able to register/confirm their email
     73 * Users need to be able to login
     74 * When loged in users are able to view public datasets and their own datasets
    7175
    7276Admin:
    7377
    74 * Administrators need to be able to: Authenticate users, Ban users, Delete unused accounts
    75 * Administrators are not able to register, view all,execute all
    76 * Users cannot be promoted to admin, admins cannot be demoted to users
    77 * Admins donnot register, but are 'hardcoded' into the application
    78 
    79 
    80 
    81 
     78 * Administrators need to be able to: Authenticate users, Ban users, Delete unused accounts
     79 * Administrators are not able to register, view all,execute all
     80 * Users cannot be promoted to admin, admins cannot be demoted to users
     81 * Admins donnot register, but are 'hardcoded' into the application