
shibboleth-dev - ARP editing scenario....

Subject: Shibboleth Developers

  • From:
  • To:
  • Subject: ARP editing scenario....
  • Date: Thu, 28 Mar 2002 17:15:48 -0500

I thought I'd write this out in text, before I try to develop some screen mockups.....

-- campus library licenses resource X. Site creates an ARP that:
- releases AFFILIATION=MEMBER
- blocks release of EPPN

-- user wants to create an ARP. They enter the URL for resource X. Edit screen shows them that

- AFFILIATION = MEMBER is being released; they cannot change this
- other attributes and values can be released
- EPPN is blocked; it CANNOT be released

they select to release AFFILIATION=STAFF

-- user wants to create an ARP for http://www.resourceX.com/editors/. They enter this URL. It does NOT match any existing URL, so they can specify that any and all attributes can be released.

-- user wants to create an ARP for http://www.resourceX.com/index.html. The ARP editor figures out that this is the same as the URL entered by the site in scenario 1.

-- down below, there are SIX scenarios from a previous note. Numbers 1-5 all seem to raise authorization-related issues.... e.g. who can specify that "enrolledCourse=Chem101" can be released? anyone? is this a directory issue?

------------------------- this is the list from a previous note.

On Monday's call, I agreed to try to develop scenarios describing some of the more "likely" real-world situations we should expect to encounter on campuses. Once we agree on a set of use cases, we can start to explore the implications for the UI, and for the underlying campus middleware infrastructure.

1- Jane Doe is teaching Chem 101. She has convinced a friend at another university to grant the Chem 101 students access to a controlled web site in the friend's department. Jane goes to the AA user interface, authenticates, and then enters an ARP that specifies that

- for any student in Chem 101
- accessing the target "friend's web site"
- the attribute "enrolledCourse=Chem101" will be released.
- she also enters a filter blocking the release of EPPN (in case any individual student attempts to create their own ARP releasing EPPN)

Q's - how do we know Jane is authorized to do this?
- if a student creates their own ARP, attempting to override Jane's, would we, could we find Jane's filter? Or does the site admin have to enter that?

2- Chem 101 again. Except the grad student TA enters the ARP. How do we know this person is authorized?

3- Several faculty and grad students in the planetary geology group at State U are members of a multi-campus research project. One of the grad students manages ARPs for the group. A new controlled web site is created at Other U. The ARP manager enters a new ARP specifying:

- for any member of the planetary group
- accessing the site at Other U
- the attribute Extension URI="urn:mace:state.edu:group:geology:planetary-group" will be released

Q's - any authorization issues?
- presumably, we want the ARP manager to see a more user friendly UI than having to enter this URN... what should that look like?

4- Joe, the office administrator in the Office of Faculty Governance, is also the webmaster for the office. He wants to give all the faculty access to a new web site containing the reports of a Task Force. He enters a new ARP specifying:

- for any member of the faculty
- accessing this new web site
- release the attribute "AFFILIATION=FACULTY"

5- Jane Doe, the Department Manager in Physics, is also responsible for managing the ARPs controlling access to resources licensed by the department. The department licenses access to BLAH, a journal devoted to articles about the new sub-atomic BLAH particle. She enters an ARP specifying:

- for any member of the physics faculty
- for any grad student in Physics
- any undergraduate Physics concentrator
- accessing the BLAH journal site
- release the attribute Entitlement URI="urn:mace:blah.org:contract1234"

Q's - any authz over who can specify the release of this URI?
- a friendly UI.....

6- semester roll-over. The site admin does something to remove all of the ARPs from the AA that are related to courses taught last semester..... and then loads the "standard set" of course-related ARPs for the upcoming semester.


--

--

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--
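
An added example, not part of the original message and not Shibboleth code: one way to express the precedence in the first three scenarios above, where a site ARP's releases are locked, its blocked attributes cannot be released by a user ARP, and a URL with no matching site ARP is unconstrained. The `Arp` class, the function names, the site URL `http://www.resourceX.com/`, the `index.html` matching rule and the sample EPPN value are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Arp:
    url: str
    release: frozenset = frozenset()  # (attribute, value) pairs to release
    deny: frozenset = frozenset()     # attribute names that may never be released


def normalize(url):
    """Assumed matching rule: host is case-insensitive and /index.html
    names the same resource as its directory."""
    parts = urlsplit(url)
    path = parts.path or "/"
    if path.endswith("/index.html"):
        path = path[: -len("index.html")]
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}{path}"


def find_site_arp(site_arps, url):
    """Return the site ARP whose normalized URL equals the entered URL, if any."""
    key = normalize(url)
    return next((a for a in site_arps if normalize(a.url) == key), None)


def editor_view(site_arps, url):
    """What the edit screen shows: releases the user cannot change, and blocks."""
    site = find_site_arp(site_arps, url)
    if site is None:
        return {"locked": set(), "blocked": set()}
    return {"locked": set(site.release), "blocked": set(site.deny)}


def effective_release(site_arps, user_arp):
    """Merge a user ARP with the matching site ARP; the site's deny list wins.
    Returns (released pairs, user requests that were rejected)."""
    site = find_site_arp(site_arps, user_arp.url)
    if site is None:
        return set(user_arp.release), set()
    allowed = {pair for pair in user_arp.release if pair[0] not in site.deny}
    rejected = set(user_arp.release) - allowed
    return set(site.release) | allowed, rejected


# Constructed site policy for "resource X" (scenario 1); the URL is assumed.
SITE_ARPS = [Arp("http://www.resourceX.com/",
                 release=frozenset({("AFFILIATION", "MEMBER")}),
                 deny=frozenset({"EPPN"}))]
```

Under this exact-match rule the site's EPPN block does not reach `http://www.resourceX.com/editors/`, which is the behaviour the second scenario describes.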



