[OTDev] AA: the anonymous user
Luchesar V. ILIEV luchesar.iliev at gmail.com
Fri Jun 18 14:33:07 CEST 2010

While this discussion is mostly about the anonymous user, let me bring
forward another related issue: the public access itself.

Suppose that I upload a certain resource, which I'd like to be public. My
client has to construct an appropriate policy and send it to the OT
service alongside the resource. The service then should translate it
into OpenSSO policy and register it with the policy service while
creating and publishing my resource.

The question is, however, what this "public" policy should be? Of
course, I, as creator, should be able to do anything (GET, POST, PUT,
DELETE), but what about the "public" part, really? It's about being able
to GET the resource (or POST to it for some types of resources), but WHO
exactly? One user to be defined should be the anonymous one, OK, but
what about all the rest? It doesn't make sense to list all existing
users in the policy, yet, if we don't do it, it would happen so that
while the anonymous user has access to the public resource, no other
registered user does!

One solution, that I see, is to have a group "all users", which should
be automatically updated each time a new user is registered on the
opentox.org site. Or probably there is already a group in Plone which
encompasses all registered users (not quite the same, but I remember
phpBB3 having such a group)?

Please let me know what you think about this issue. Or am I missing
something?

Cheers,
Luchesar

P.S. The problem arises from the fact that OpenSSO uses "deny" as
default. So, if there's no policy regarding a certain
resource/access-type/user combination, the request is denied.

On Thu, Jun 17, 2010 at 18:51, Tobias Girschick <tobias.girschick at in.tum.de> wrote:
> Hi Luchesar, All,
>
> On Thu, 2010-06-17 at 18:34 +0300, Luchesar V. ILIEV wrote:
>> Folks,
>>
>> I'd like to gradually start discussion on several points that seem to
>> be needing specific attention. Let's start with the anonymous or guest
>> user.
> Good point.
>
>>
>> 1. Let's decide on the exact username: "anonymous" or "guest". I have
>> slight preference for the first one, because "guest" somehow implies
>> more restricted access -- however, that user is supposed to access ALL
>> public data, not, for instance, only some "demo" excerpts.
>
> I also prefer anonymous.
>
>>
>> 2. What about the password? Should it be just "blank" one? Or
>> something like "opentox". Or even user's e-mail address, FTP-style
>> (however, this one might be difficult to implement, as it is unlikely
>> to be supported by OpenSSO/Plone)?
>
> I think in the IT world anonymous + blank is pretty common.
>
> Cheers
> Tobias
>
>>
>> 3. Once the exact username and password are decided, it might make
>> sense to finally enter the user into Plone's database, so that we can
>> start testing.
>>
>> 4. Let's not forget that at some point of time we should create
>> policies for ALL existing public resources that grant "read" (GET, but
>> sometimes also POST) access for that user.
>>
>> 5. If any type of quotas are implemented, even if with the intention
>> to just protect a service from being overloaded, obviously the
>> "anonymous" or "guest" user would need special treatment.
>>
>> Cheers,
>> Luchesar
>> _______________________________________________
>> Development mailing list
>> Development at opentox.org
>> http://www.opentox.org/mailman/listinfo/development
>
> --
> Dipl.-Bioinf. Tobias Girschick
>
> Technische Universität München
> Institut für Informatik
> Lehrstuhl I12 - Bioinformatik
> Bolzmannstr. 3
> 85748 Garching b. München, Germany
>
> Room: MI 01.09.042
> Phone: +49 (89) 289-18002
> Email: tobias.girschick at in.tum.de
> Web: http://wwwkramer.in.tum.de/girschick
>
> _______________________________________________
> Development mailing list
> Development at opentox.org
> http://www.opentox.org/mailman/listinfo/development
>
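
The access gap raised in the message above, as an added example that is not part of the original post and is not OpenSSO or OpenTox code: a toy default-deny evaluator comparing a "public" policy that names only the creator and the anonymous user with one that also names an "all users" group updated at registration. The class and function names, the subject strings and the resource URI are assumptions made for illustration.

```python
from dataclasses import dataclass, field

READ = frozenset({"GET"})
ALL = frozenset({"GET", "POST", "PUT", "DELETE"})

@dataclass(frozen=True)
class Rule:
    subject: str        # "user:<name>" or "group:<name>" (hypothetical notation)
    actions: frozenset  # HTTP methods this rule grants

@dataclass
class PolicyStore:
    """Toy default-deny store: a request passes only if some rule grants it."""
    groups: dict = field(default_factory=dict)    # group name -> set of users
    policies: dict = field(default_factory=dict)  # resource URI -> list of Rule

    def register_user(self, user):
        # The proposal in the message: keep "all users" in sync at registration.
        self.groups.setdefault("all users", set()).add(user)

    def subjects_of(self, user):
        subs = {f"user:{user}"}
        subs |= {f"group:{g}" for g, m in self.groups.items() if user in m}
        return subs

    def is_allowed(self, user, action, resource):
        subs = self.subjects_of(user)
        for rule in self.policies.get(resource, []):
            if rule.subject in subs and action in rule.actions:
                return True
        return False  # no matching rule for this combination: denied

def public_policy(creator, include_all_users):
    """Build the rules a client might send for a resource it wants public."""
    rules = [Rule(f"user:{creator}", ALL), Rule("user:anonymous", READ)]
    if include_all_users:
        rules.append(Rule("group:all users", READ))
    return rules

def demo():
    store = PolicyStore()
    for u in ("luchesar", "tobias"):
        store.register_user(u)
    uri = "https://example.org/dataset/1"  # constructed URI
    results = {}
    for label, flag in (("anonymous-only", False), ("with all-users group", True)):
        store.policies[uri] = public_policy("luchesar", flag)
        results[label] = {u: store.is_allowed(u, "GET", uri)
                          for u in ("anonymous", "luchesar", "tobias")}
    return results
```

Because the grant is attached to the group rather than to individual users, a user registered after the policy was created gains read access without the policy being rewritten.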