- Support multiple tenants from the same service. That is roles and policies/permissions should be tenant-qualified. One tenant's collectionmanager role may not have the same privileges as the other tenant's collectionmanager role.
- Attribute-level access control. It appears that in the domain of collection management, attribute level access control might be more than uncommon requirement. How to enforce access control at attribute level in search functions so that performance is not degraded drastically is a big challenge.
Tuesday, January 26, 2010
Authorization service in CollectionSpace
I have started design for the authorization service in CollectionSpace. While working on security services, I always provide some descriptions on terms used as well as core processes. Take a look at Authorization Service Description and Assumptions for more details about the service. There are some non-trivial requirements that I would like to highlight here.
Subscribe to:
Posts (Atom)