Permissions and access control

The objective in this section is to set out possible solutions for discussion.

Need: allow users to control access to particular items, sets of items, or classes of item, by individuals, groups, bodies, other services. This is very widely understood as a central and vital part of an EPMS.

Need (future): to allow access to items, and tailoring of presentations, by characteristic of the person, body, or service reading.

Need: allow for material where copyright is not owned by the individual.

Strategy points:

• Domain ontology needs to include: presentations, views, roles, groups, individuals, bodies corporate, services.
• A presentation to be regarded as an ordered collection of items, possibly with extra presentation information.
• Systems should enable setting of permissions directly on individual items, on classes of item, or on named collections of items (presentations).
• Systems should enable setting of permissions for individuals, groups, services, agencies, bodies.

Questions:

• Is the ontology adequate?
• What are the technical implications of requiring systems to deal with permissions in this detailed way?
• Are there existing systems that cover this functionality?
• To what extent does the Liberty Alliance Web Services Framework cover this functionality?