CMIS ACL-Proposal
26-28 Jan 2009

• Motivation: Scenarios
• Policies: Recap
• ACL Concept
• Proposal: Discussion Topics
Scenarios: End-User Collaboration Scenario
• Development: No permissions used (might be passed through, but not interpreted)
• Runtime: Admin or end user knows the permissions, assigned by a user to the documents
[Diagram labels: CMIS Application, permissions, Documents]
Scenarios: Background Tasks
• Development: Usage of permissions is being coded into the application
• Runtime: Application permissions; permissions mappings?
[Diagram labels: CMIS Application, permissions, Documents]
Recap CMIS Objects
ACL Concept Policies
ACL Concept: Permissions
• ALL: All, WritePolicy, Delete
• WRITE: Write, WriteProperty, WriteContent, File, Unfile, Version
• READ: Read, ReadProperty, ReadContent, ReadPolicy
Discussion Topics
• Assumption: unified user base; no user discovery, no mapping (within the scope of CMIS). OK?
• Scenario: flexible mapping ("level 1") vs. known permissions ("level 2")?
• Permissions (Level 2): extended permissions required vs. Read/Write/All?
• Modelling of ACLs: Policies vs. Properties? [If policies] entire ACL vs. individual ACEs as Policy?
• Format for ACLs: XACML vs. XML vs. other format? Format for principals (plain ID vs. type info + ID)?
• ACL Assignment: atomic action when creating an object vs. inheritance?
• ACL Inheritance: on create vs. create + lifetime?