Permissions and access control
The objective in this section is to set out possible solutions for discussion.
Need: allow users to control access to particular items, sets of items, or classes of item, by individuals, groups, bodies, other services. This is very widely understood as a central and vital part of an EPMS.
Need (future): to allow access to items, and tailoring of presentations, by characteristic of the person, body, or service reading.
Need: allow for material where copyright is not owned by the individual.
- Domain ontology needs to include: presentations, views, roles, groups, individuals, bodies corporate, services.
- A presentation to be regarded as an ordered collection of items, possibly with extra presentation information.
- Systems should enable setting of permissions directly on individual items, on classes of item, or on named collections of items (presentations).
- Systems should enable setting of permissions for individuals, groups, services, agencies, bodies.
- Is the ontology adequate?
- What are the technical implications of requiring systems to deal with permissions in this detailed way?
- Are there existing systems that cover this functionality?
- To what extent does the Liberty Alliance Web Services Framework cover this functionality?