[TS] RFC: Security model


Subject: [TS] RFC: Security model
From: Ben Darnell (bgdarnel@unity.ncsu.edu)
Date: Sun Apr 16 2000 - 00:45:47 EDT


I've been thinking a bit about a security model for an online version of
TS. The first question to answer is "How much security do we need?".
On the one hand, systems like Wiki and Lucid leave the door standing
wide open, and have not really had any problems. OTOH, /. (and
metababy.com, for that matter, which is a wiki-like site and therefore
more relevant for this discussion) has been overrun with anonymous
idiots, which seems to indicate that anything which can be abused will
be, once the audience grows large enough. So, I think there should be
some sort of security model involved, although site admins should be
able to disable it to get wiki-like freedom.

I want to work within the ThoughtStream system as much as possible.
This means that e.g. there will be an Idea for each user, and
membership in any groups will be designated by Associations.

In my current scheme, each Idea and each Item (Assoc, Content, or URI)
has the ID of a user or group. The user/group who owns an Idea has
permission to do anything with that Idea (but not necessarily the Items
within it). The user/group who owns an Item may or may not have
additional permissions regarding that Item, depending on the security
settings of the Idea.

An Idea may contain Contents of type ACL (access control list), which
grant privileges to users other than the owner of the Idea. An
administrator may specify default privileges, which will be inherited by
every Idea.

What exactly are these privileges?
* Edit Idea properties (title, etc) of Ideas owned by the user
* Edit properties of Ideas owned by other users
* View the Idea (for example, you may not want unregistered users to be
able to view the list of children of the "Users" Idea)
* Add Items (perhaps split this up by type of Item?)
* Edit/Delete Items owned by the user
* Edit/Delete Items not owned by the user
* Create new Ideas
* Possibly others?

A sample access configuration for a discussion-oriented site:
All users: view all ideas
Registered users: edit idea properties of own Ideas,
                  add Items,
                  edit own Items,
                  create new Ideas
Admin group: all privileges on all Ideas
Some Ideas (particularly the various administrative Ideas) would have
all privileges disabled for all but the admin group

Any comments?

-Ben

-- 
Ben Darnell              bgdarnel@unity.ncsu.edu
http://thoughtstream.org
Finger bgdarnel@debian.org for PGP/GPG key 1024D/1F06E509
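
The access check proposed in the message above, sketched as an added example (not part of the original post and not ThoughtStream code). The class and function names, the "all"/"registered"/"admins" group IDs, and the rule that an Idea's ACL entry for a principal replaces the inherited default are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Flag, auto
from functools import reduce
from operator import or_

class Priv(Flag):  # the privileges listed in the post
    EDIT_OWN_IDEA = auto()   # implied by Idea ownership under the owner rule below
    EDIT_OTHER_IDEA = auto()
    VIEW = auto()
    ADD_ITEM = auto()
    EDIT_OWN_ITEM = auto()
    EDIT_OTHER_ITEM = auto()
    CREATE_IDEA = auto()     # site-wide; listed for completeness, not checked here

ALL, NONE = reduce(or_, Priv), Priv(0)

@dataclass
class Idea:
    owner: str                               # user or group ID
    acl: dict = field(default_factory=dict)  # principal -> Priv (the ACL Content)

@dataclass
class Site:
    defaults: dict  # admin-set default privileges, inherited by every Idea
    groups: dict    # user -> set of groups (Associations in ThoughtStream)

    def principals(self, user):
        return {user, "all"} | self.groups.get(user, set())

    def granted(self, user, idea):
        # Assumption: an Idea's ACL entry for a principal replaces the default.
        return reduce(or_, (idea.acl.get(p, self.defaults.get(p, NONE))
                            for p in self.principals(user)), NONE)

    def allowed(self, user, idea, action, item_owner=None):
        who = self.principals(user)
        if action != "edit_item" and idea.owner in who:
            return True  # the Idea's owner may do anything to it, except to its Items
        item = Priv.EDIT_OWN_ITEM if item_owner in who else Priv.EDIT_OTHER_ITEM
        need = {"view": Priv.VIEW, "add_item": Priv.ADD_ITEM,
                "edit_idea": Priv.EDIT_OTHER_IDEA, "edit_item": item}[action]
        return bool(need & self.granted(user, idea))

# Constructed sample data following the post's discussion-site configuration.
REG = Priv.EDIT_OWN_IDEA | Priv.ADD_ITEM | Priv.EDIT_OWN_ITEM | Priv.CREATE_IDEA
site = Site(defaults={"all": Priv.VIEW, "registered": REG, "admins": ALL},
            groups={"alice": {"registered"}, "bob": {"registered"}, "root": {"admins"}})
thread = Idea(owner="alice")
users_idea = Idea(owner="admins", acl={"all": NONE, "registered": NONE})
```

With this data, alice owns `thread` but still cannot edit an Item bob added to it, and `users_idea` is closed to everyone outside the admin group.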




This archive was generated by hypermail 2b25 : Wed Aug 30 2000 - 22:01:01 EDT