| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr"> |
| <head> |
| <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> |
| <meta name="keywords" content="SMILA/Specifications/Smila Security Concept,Daniel.stucky.empolis.com,G.schmidt.brox.de,Leo.sauermann.dfki.de" /> |
| <link rel="shortcut icon" href="http://wiki.eclipse.org/SMILA/Specifications/favicon.ico" /> |
| <link rel="search" type="application/opensearchdescription+xml" href="http://wiki.eclipse.org/opensearch_desc.php" title="Eclipsepedia (English)" /> |
| <link rel="alternate" type="application/rss+xml" title="Eclipsepedia RSS Feed" href="http://wiki.eclipse.org/index.php?title=Special:Recentchanges&feed=rss" /> |
| <link rel="alternate" type="application/atom+xml" title="Eclipsepedia Atom Feed" href="http://wiki.eclipse.org/index.php?title=Special:Recentchanges&feed=atom" /> |
| |
| |
| <title>SMILA/Specifications/Smila Security Concept - Eclipsepedia</title> |
| |
| <style type="text/css" media="screen,projection">/*<![CDATA[*/ @import "http://wiki.eclipse.org/skins/eclipsenova/novaWide.css?116"; /*]]>*/</style> |
| <link rel="stylesheet" type="text/css" media="print" href="http://wiki.eclipse.org/skins/eclipsenova/eclipsenovaPrint.css?116" /> |
| <link rel="stylesheet" type="text/css" media="handheld" href="http://wiki.eclipse.org/skins/eclipsenova/handheld.css?116" /> |
| <link rel="stylesheet" type="text/css" href="http://wiki.eclipse.org/skins/eclipsenova/Nova/css/header.css" media="screen" /> |
| <link rel="stylesheet" type="text/css" href="http://wiki.eclipse.org/skins/eclipsenova/tabs.css" media="screen" /> |
| <link rel="stylesheet" type="text/css" href="http://wiki.eclipse.org/skins/eclipsenova/Nova/css/visual.css" media="screen" /> |
| <link rel="stylesheet" type="text/css" href="http://wiki.eclipse.org/skins/eclipsenova/Nova/css/layout.css" media="screen" /> |
| <link rel="stylesheet" type="text/css" href="http://wiki.eclipse.org/skins/eclipsenova/Nova/css/footer.css" media="screen" /> |
| <!--[if IE]><link rel="stylesheet" type="text/css" href="/skins/eclipsenova/IEpngfix.css" media="screen" /><![endif]--> |
| <!--[if lt IE 5.5000]><style type="text/css">@import "/skins/eclipsenova/IE50Fixes.css?116";</style> <![endif]--> |
| <!--[if IE 5.5000]><style type="text/css">@import "/skins/eclipsenova/IE55Fixes.css?116";</style><![endif]--> |
| <!--[if IE 6]><style type="text/css">@import "/skins/eclipsenova/IE60Fixes.css?116";</style><![endif]--> |
| <!--[if IE 7]><style type="text/css">@import "/skins/eclipsenova/IE70Fixes.css?116";</style><![endif]--> |
| <!--[if lt IE 7]><script type="text/javascript" src="/skins/common/IEFixes.js?116"></script> |
| <meta http-equiv="imagetoolbar" content="no" /><![endif]--> |
| <script type= "text/javascript">/*<![CDATA[*/ |
| var skin = "eclipsenova"; |
| var stylepath = "/skins"; |
| var wgArticlePath = "/$1"; |
| var wgScriptPath = ""; |
| var wgScript = "/index.php"; |
| var wgServer = "http://wiki.eclipse.org"; |
| var wgCanonicalNamespace = ""; |
| var wgCanonicalSpecialPageName = false; |
| var wgNamespaceNumber = 0; |
| var wgPageName = "SMILA/Specifications/Smila_Security_Concept"; |
| var wgTitle = "SMILA/Specifications/Smila Security Concept"; |
| var wgAction = "view"; |
| var wgRestrictionEdit = []; |
| var wgRestrictionMove = []; |
| var wgArticleId = "17568"; |
| var wgIsArticle = true; |
| var wgUserName = null; |
| var wgUserGroups = null; |
| var wgUserLanguage = "en"; |
| var wgContentLanguage = "en"; |
| var wgBreakFrames = false; |
| var wgCurRevisionId = "242423"; |
| var wgVersion = "1.12.0"; |
| var wgEnableAPI = true; |
| var wgEnableWriteAPI = false; |
| /*]]>*/</script> |
| |
| <script type="text/javascript" src="http://wiki.eclipse.org/skins/common/wikibits.js?116"><!-- wikibits js --></script> |
| |
| <!-- Performance mods similar to those for bug 166401 --> |
| <script type="text/javascript" src="http://wiki.eclipse.org/index.php?title=-&action=raw&gen=js&useskin=eclipsenova"><!-- site js --></script> |
| |
| <!-- Head Scripts --> |
| <script type="text/javascript" src="http://wiki.eclipse.org/skins/common/ajax.js?116"></script> |
| <style type="text/css">/*<![CDATA[*/ |
| .source-xml {line-height: normal; font-size: medium;} |
| .source-xml li {line-height: normal;} |
| /** |
| * GeSHi Dynamically Generated Stylesheet |
| * -------------------------------------- |
| * Dynamically generated stylesheet for xml |
| * CSS class: source-xml, CSS id: |
| * GeSHi (C) 2004 - 2007 Nigel McNie (http://qbnz.com/highlighter) |
| */ |
| .source-xml .de1, .source-xml .de2 {font-family: 'Courier New', Courier, monospace; font-weight: normal;} |
| .source-xml {} |
| .source-xml .head {} |
| .source-xml .foot {} |
| .source-xml .imp {font-weight: bold; color: red;} |
| .source-xml .ln-xtra {color: #cc0; background-color: #ffc;} |
| .source-xml li {font-family: 'Courier New', Courier, monospace; color: black; font-weight: normal; font-style: normal;} |
| .source-xml li.li2 {font-weight: bold;} |
| .source-xml .coMULTI {color: #808080; font-style: italic;} |
| .source-xml .es0 {color: #000099; font-weight: bold;} |
| .source-xml .br0 {color: #66cc66;} |
| .source-xml .st0 {color: #ff0000;} |
| .source-xml .nu0 {color: #cc66cc;} |
| .source-xml .sc0 {color: #00bbdd;} |
| .source-xml .sc1 {color: #ddbb00;} |
| .source-xml .sc2 {color: #339933;} |
| .source-xml .sc3 {color: #009900;} |
| .source-xml .re0 {color: #000066;} |
| .source-xml .re1 {font-weight: bold; color: black;} |
| .source-xml .re2 {font-weight: bold; color: black;} |
| |
| /*]]>*/ |
| </style> |
| <style type="text/css">/*<![CDATA[*/ |
| @import "http://wiki.eclipse.org/index.php?title=MediaWiki:Geshi.css&usemsgcache=yes&action=raw&ctype=text/css&smaxage=18000"; |
| /*]]>*/ |
| </style><style type="text/css">/*<![CDATA[*/ |
| .source-java {line-height: normal; font-size: medium;} |
| .source-java li {line-height: normal;} |
| /** |
| * GeSHi Dynamically Generated Stylesheet |
| * -------------------------------------- |
| * Dynamically generated stylesheet for java |
| * CSS class: source-java, CSS id: |
| * GeSHi (C) 2004 - 2007 Nigel McNie (http://qbnz.com/highlighter) |
| */ |
| .source-java .de1, .source-java .de2 {font-family: 'Courier New', Courier, monospace; font-weight: normal;} |
| .source-java {} |
| .source-java .head {} |
| .source-java .foot {} |
| .source-java .imp {font-weight: bold; color: red;} |
| .source-java .ln-xtra {color: #cc0; background-color: #ffc;} |
| .source-java li {font-family: 'Courier New', Courier, monospace; color: black; font-weight: normal; font-style: normal;} |
| .source-java li.li2 {font-weight: bold;} |
| .source-java .kw1 {color: #7F0055; font-weight: bold;} |
| .source-java .kw2 {color: #7F0055; font-weight: bold;} |
| .source-java .kw3 {color: #000000; font-weight: normal} |
| .source-java .kw4 {color: #7F0055; font-weight: bold;} |
| .source-java .co1 {color: #3F7F5F; font-style: italic;} |
| .source-java .co2 {color: #3F7F5F;} |
| .source-java .co3 {color: #3F7F5F; font-style: italic; font-weight: bold;} |
| .source-java .coMULTI {color: #3F5FBF; font-style: italic;} |
| .source-java .es0 {color: #000000;} |
| .source-java .br0 {color: #000000;} |
| .source-java .st0 {color: #2A00ff;} |
| .source-java .nu0 {color: #000000;} |
| .source-java .me1 {color: #000000;} |
| .source-java .me2 {color: #000000;} |
| |
| /*]]>*/ |
| </style> |
| <style type="text/css">/*<![CDATA[*/ |
| @import "http://wiki.eclipse.org/index.php?title=MediaWiki:Geshi.css&usemsgcache=yes&action=raw&ctype=text/css&smaxage=18000"; |
| /*]]>*/ |
| </style><link rel="stylesheet" type="text/css" href="Smila_Security_Concept.html" /> </head> |
| <body class="mediawiki ns-0 ltr page-SMILA_Specifications_Smila_Security_Concept"> |
| <div id="globalWrapper"> |
| |
| |
| <div id="column-one"> |
| <!-- Eclipse Additions for the Top Nav start here M. Ward--> |
| |
| <div id="header"> |
| <div id="header-graphic"> |
| <img src="http://wiki.eclipse.org/skins/eclipsenova/eclipse.png" alt="Eclipse Wiki"> |
| </div> |
| <!-- Pulled 101409 Mward --> |
| |
| <div class="portlet" id="p-personal"> |
| <div class="pBody"> |
| <ul> |
| <li id="pt-login"><a href="http://wiki.eclipse.org/index.php?title=Special:Userlogin&returnto=SMILA/Specifications/Smila_Security_Concept">Log in</a></li> |
| </ul> |
| </div> |
| </div> |
| |
| <div id="header-icons"> |
| <div id="sites"> |
| <ul id="sitesUL"> |
| <li><a href="http://www.eclipse.org"><img src="http://dev.eclipse.org/custom_icons/eclipseIcon.png" width="28" height="28" alt="Eclipse Foundation" title="Eclipse Foundation" /><div>Eclipse Foundation</div></a></li> |
| <li><a href="http://marketplace.eclipse.org"><img src="http://dev.eclipse.org/custom_icons/marketplace.png" width="28" height="28" alt="Eclipse Marketplace" title="Eclipse Marketplace" /><div>Eclipse Marketplace</div></a></li> |
| <li><a href="https://bugs.eclipse.org/bugs"><img src="http://dev.eclipse.org/custom_icons/system-search-bw.png" width="28" height="28" alt="Bugzilla" title="Bugzilla" /><div>Bugzilla</div></a></li> |
| <li><a href="http://live.eclipse.org"><img src="http://dev.eclipse.org/custom_icons/audio-input-microphone-bw.png" width="28" height="28" alt="Live" title="Live" /><div>Eclipse Live</div></a></li> |
| <li><a href="http://planeteclipse.org"><img src="http://dev.eclipse.org/large_icons/devices/audio-card.png" width="28" height="28" alt="PlanetEclipse" title="Planet" /><div>Planet Eclipse</div></a></li> |
| <li><a href="http://portal.eclipse.org"><img src="http://dev.eclipse.org/custom_icons/preferences-system-network-proxy-bw.png" width="28" height="28" alt="Portal" title="Portal" /><div>My Foundation Portal</div></a></li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| <!-- NEW HEADER STUFF HERE --> |
| <div id="header-menu"> |
| <div id="header-nav"> |
| <ul> <li><a class="first_one" href="http://wiki.eclipse.org/" target="_self">Home</a></li> <li><a href="http://www.eclipse.org/downloads/" target="_self">Downloads</a></li> |
| <li><a href="http://www.eclipse.org/users/" target="_self">Users</a></li> |
| <li><a href="http://www.eclipse.org/membership/" target="_self">Members</a></li> |
| <li><a href="http://wiki.eclipse.org/index.php/Development_Resources" target="_self">Committers</a></li> |
| <li><a href="http://www.eclipse.org/resources/" target="_self">Resources</a></li> |
| <li><a href="http://www.eclipse.org/projects/" target="_self">Projects</a></li> |
| <li><a href="http://www.eclipse.org/org/" target="_self">About Us</a></li> |
| </ul> |
| </div> |
| <div id="header-utils"> |
| <!-- moved the search window here --> |
| <form action="http://wiki.eclipse.org/Special:Search" > |
| <input class="input" name="search" type="text" accesskey="f" value="" /> |
| <input type='submit' onclick="this.submit();" name="go" id="searchGoButton" class="button" title="Go to a page with this exact name if one exists" value="Go" /> |
| <input type='submit' onclick="this.submit();" name="fulltext" class="button" id="mw-searchButton" title="Search Eclipsepedia for this text" value="Search" /> |
| </form> |
| </div> |
| </div> |
| |
| |
| <!-- Eclipse Additions for the Header stop here --> |
| <!-- Additions and mods for leftside nav Start here --> |
| |
| <!--Started nav rip here--> |
| <!-- these are the nav controls main page, changes etc --> |
| <div id="novaContent" class="faux"> |
| <div id="leftcol"> |
| <ul id="leftnav"> |
| <!-- these are the page controls, edit history etc --> |
| <li class="separator"><a class="separator">Navigation   </li> |
| <li id="n-mainpage"><a href="http://wiki.eclipse.org/Main_Page">Main Page</a></li> |
| <li id="n-portal"><a href="http://wiki.eclipse.org/Eclipsepedia:Community_Portal">Community portal</a></li> |
| <li id="n-currentevents"><a href="http://wiki.eclipse.org/Eclipsepedia:Current_events">Current events</a></li> |
| <li id="n-recentchanges"><a href="http://wiki.eclipse.org/Special:Recentchanges">Recent changes</a></li> |
| <li id="n-randompage"><a href="http://wiki.eclipse.org/Special:Random">Random page</a></li> |
| <li id="n-help"><a href="http://wiki.eclipse.org/Help:Contents">Help</a></li> |
| <li class="separator"><a class="separator">Toolbox   </a></li> |
| |
| <li id="t-whatlinkshere"><a href="http://wiki.eclipse.org/Special:Whatlinkshere/SMILA/Specifications/Smila_Security_Concept">What links here</a></li> |
| <li id="t-recentchangeslinked"><a href="http://wiki.eclipse.org/Special:Recentchangeslinked/SMILA/Specifications/Smila_Security_Concept">Related changes</a></li> |
| <!-- This is the toolbox section --> |
| <li id="t-upload"><a href="http://wiki.eclipse.org/Special:Upload">Upload file</a></li> |
| <li id="t-specialpages"><a href="http://wiki.eclipse.org/Special:Specialpages">Special pages</a></li> |
| <li id="t-print"><a href="http://wiki.eclipse.org/index.php?title=SMILA/Specifications/Smila_Security_Concept&printable=yes">Printable version</a></li> <li id="t-permalink"><a href="http://wiki.eclipse.org/index.php?title=SMILA/Specifications/Smila_Security_Concept&oldid=242423">Permanent link</a></li> </ul> |
| </div> |
| |
| |
| <!-- Additions and mods for leftside nav End here --> |
| |
| |
| <div id="column-content"> |
| <div id="content"> |
| <a name="top" id="top"></a> |
| |
| <div id="tabs"> |
| <ul class="primary"> |
| <li class="active"><a href="Smila_Security_Concept.html"><span class="tab">Page</span></a></li> |
| <li><a href="http://wiki.eclipse.org/index.php?title=Talk:SMILA/Specifications/Smila_Security_Concept&action=edit"><span class="tab">Discussion</span></a></li> |
| <li><a href="http://wiki.eclipse.org/index.php?title=SMILA/Specifications/Smila_Security_Concept&action=edit"><span class="tab">View source</span></a></li> |
| <li><a href="http://wiki.eclipse.org/index.php?title=SMILA/Specifications/Smila_Security_Concept&action=history"><span class="tab">History</span></a></li> |
| <li><a href="http://wiki.eclipse.org/index.php?title=Special:Userlogin&returnto=SMILA/Specifications/Smila Security Concept"><span class="tab">Edit</span></a></li> |
| </ul> |
| </div> |
| |
| |
| <script type="text/javascript"> if (window.isMSIE55) fixalpha(); </script> |
| <h1 class="firstHeading">SMILA/Specifications/Smila Security Concept</h1> |
| <div id="bodyContent"> |
| <h3 id="siteSub">From Eclipsepedia</h3> |
| <div id="contentSub"><span class="subpages">< <a href="../../SMILA.html" title="SMILA">SMILA</a> | <a href="../Specifications.html" title="SMILA/Specifications">Specifications</a></span></div> |
| <div id="jump-to-nav">Jump to: <a href="Smila_Security_Concept.html#column-one">navigation</a>, <a href="Smila_Security_Concept.html#searchInput">search</a></div> <!-- start content --> |
| <table id="toc" class="toc" summary="Contents"><tr><td><div id="toctitle"><h2>Contents</h2></div> |
| <ul> |
| <li class="toclevel-1"><a href="Smila_Security_Concept.html#Description"><span class="tocnumber">1</span> <span class="toctext">Description</span></a></li> |
| <li class="toclevel-1"><a href="Smila_Security_Concept.html#Discussion"><span class="tocnumber">2</span> <span class="toctext">Discussion</span></a></li> |
| <li class="toclevel-1"><a href="Smila_Security_Concept.html#Technical_proposal"><span class="tocnumber">3</span> <span class="toctext">Technical proposal</span></a> |
| <ul> |
| <li class="toclevel-2"><a href="Smila_Security_Concept.html#Datamodell"><span class="tocnumber">3.1</span> <span class="toctext">Datamodell</span></a> |
| <ul> |
| <li class="toclevel-3"><a href="Smila_Security_Concept.html#Indexing"><span class="tocnumber">3.1.1</span> <span class="toctext">Indexing</span></a></li> |
| <li class="toclevel-3"><a href="Smila_Security_Concept.html#Search"><span class="tocnumber">3.1.2</span> <span class="toctext">Search</span></a></li> |
| </ul> |
| </li> |
| <li class="toclevel-2"><a href="Smila_Security_Concept.html#Security_Converters_and_Resolvers"><span class="tocnumber">3.2</span> <span class="toctext">Security Converters and Resolvers</span></a></li> |
| <li class="toclevel-2"><a href="Smila_Security_Concept.html#Ambigous_SIDs_in_DSSPs"><span class="tocnumber">3.3</span> <span class="toctext">Ambigous SIDs in DSSPs</span></a></li> |
| <li class="toclevel-2"><a href="Smila_Security_Concept.html#Enhancement_for_DeltaIndexing"><span class="tocnumber">3.4</span> <span class="toctext">Enhancement for DeltaIndexing</span></a></li> |
| </ul> |
| </li> |
| </ul> |
| </td></tr></table><script type="text/javascript"> if (window.showTocToggle) { var tocShowText = "show"; var tocHideText = "hide"; showTocToggle(); } </script> |
| <a name="Description"></a><h1> <span class="mw-headline">Description</span></h1> |
| <p>This page is about Security in SMILA (Authorization). Records may be associated with security information, services may use security information to restrict/grant access on data (records). |
| Authentication (e.g. login to a SMILA based webapplication) is not in the scope of this document. |
| </p><p>Some thoughts about security information in SMILA: |
| </p> |
| <ul><li> for the majority of business cases READ access rights will suffice, but any kind of access rights should be representable |
| </li><li> security information of a record is most likely a list of Users (Principals) and/or Groups that have certain access rights on that record |
| <ul><li> maybe Users XOR Groups is easier to handle than allowing to combine both |
| </li><li> access rights that exclude Users/Groups from reading could be supported |
| </li><li> security based on Groups has some benefits over security based on Users |
| <ul><li> less data is stored in the search index (Groups have not to be resolved to their members) |
| </li><li> membership of a group can be changed without the need to reindex the record |
| </li></ul> |
| </li></ul> |
| </li><li> a data source (e.g. a NTFS filesystem) may be connected to a security provider (e.g. a LDAP server). Let's call these __DSSP__ (data source security provider) |
| </li><li> for data sources that are not connected to a DSSP and do not provide any security information a defined constant <tt>EVERYONE</tt> is used instead of any specific security information. This value is needed for filtering by search engines, as in general the filter expression will contain the user and the groups he is member of, for example <tt> ... and (trustee="stuc07" or trustee="group1" or trustee="group2")</tt>. To include all documents that have no access rights restrictions the statement <tt>or trustee="EVERYONE"</tt> is added. With no value set, filtering is not possible. |
| </li><li> a data source may enforce access rights on it's data but it may be not possible for the Agent/Crawler to access the information who has the rights to access the data (e.g. a webserver) |
| </li><li> security information may be different for various data sources. SMILA will not provide any functionality of harmonizing security information, they are used as provided by the DSSP. |
| </li><li> Names/IDs of users and groups may be not unique. For example two DSSPs may provide a group named "authenticated users" with a totally different set of users. For such cases it will be neccessary to somehow couple the security information with the data source id (e.g. via a simple concat of the data source Id and the User/Group IDs). |
| </li><li> DSSP specific services are needed (e.g used in the Connectivity Framework and in the Search Framework) to |
| <ul><li> resolve all subgroups of a group |
| </li><li> resolve all users of a group |
| </li><li> resolve all groups a user is a member of |
| </li></ul> |
| </li><li> in the search process these resolving services are used by a login/single sign on component to get the security information for the current user. This is part of the application logic, but the basic functionality has to be provided |
| </li><li> search results are filtered against the provided security information, only returning the records a user has access to. As there is always a delta in the access rights stored in the index and the access rights on the data source a online check for each search result entry could be executed for high risk data. |
| </li></ul> |
| <p><br /> |
| </p> |
| <a name="Discussion"></a><h1> <span class="mw-headline">Discussion</span></h1> |
| <p><a href="http://wiki.eclipse.org/index.php?title=User:Leo.sauermann.dfki.de&action=edit" class="new" title="User:Leo.sauermann.dfki.de">User:Leo.sauermann.dfki.de</a> (16.1.2009): |
| </p> |
| <ul><li> I agree that groups are simpler than both groups and users. From experience, copying the model of operating systems (NTFS, ext, hfs: one owner, multiple groups) could be safer than an optimization to groups alone wher we don't fully understand the implications. |
| <ul><li><a href="http://wiki.eclipse.org/User:Daniel.stucky.empolis.com" title="User:Daniel.stucky.empolis.com">User:Daniel.stucky.empolis.com</a>: We don't want to enforce any security model/pattern. As a framework we should support users to model security the way they want. Either based on users, groups or both. But we should offer suggestions (based on experience) which approach is better for which usecase. |
| </li></ul> |
| </li><li> Multiple names/IDS of the same user may exist for multiple systems. this is the __user-id native to the DSSP__. |
| <ul><li><a href="http://wiki.eclipse.org/User:Daniel.stucky.empolis.com" title="User:Daniel.stucky.empolis.com">User:Daniel.stucky.empolis.com</a>: I will add a separate section <a href="Smila_Security_Concept.html#Ambigous_SIDs_in_DSSPs" title="">Ambigous SIDs in DSSPs</a> discussing this topic. |
| </li></ul> |
| </li><li> Inside the SMILA record format, SMILA-specific user-ids or the user-ids native to the DSSP could be used. |
| <ul><li> When we use DSSP-proprietary ids, we should represent them as URIs. |
| </li><li> When we have SMILA-internal user ids also, we should represent them as UUIDs (for decentralized management) or integers (for optimization). |
| </li><li> SMILA may have internal user and group IDS represented as "numbers" which are centrally mapped to external user-ids native to the DSSP. A central "SMILA user id and group id" user-identification database provides means to find the internal number of a user for a user-id native to a DSSP. Optionally, the user-identification database can map multiple DSSP user-ids to one SMILA user-id (if they are the same). |
| </li></ul> |
| </li><li> There may be both the user and group given by the DSSP and indexed, and custom user&group rights that are added later as part of the SMILA index. |
| </li></ul> |
| <p>Sum up of my view on users and groups and DSSP-integration: |
| External DSSP user ids should be mapped centrally to SMILA specific IDs. SMILA then has (like ldap, unix, or other security systems) its own security database for user identification. membership of users to groups must be resolvable using external DSSP services for authorization, for identification a connection to the DSSPs user/password system must be available. |
| </p> |
| <ul><li> if SIDs are resolved to more human readable names by a SecurityResolver, then they should be transported in different XML attributes than the original SID. |
| <ul><li><a href="http://wiki.eclipse.org/User:Daniel.stucky.empolis.com" title="User:Daniel.stucky.empolis.com">User:Daniel.stucky.empolis.com</a>: This is up to the SecurityConverter respectively it's configuration. In this step the SECURITY annotations are converted to regular attributes. How these attributes are named, what values they include should be completly configurable. It should not be neccessary to index both SIDs and human readable names. If someone wants to do this different attributes are needed indeed. |
| </li></ul> |
| </li></ul> |
| <div dir="ltr" style="text-align: left;"><pre class="source-xml"><span class="sc3"><span class="re1"><A</span> <span class="re0">n</span>=<span class="st0">"ReadGroups"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>4711<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified group id (SID) as provided by a DSSP --></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>2525<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified group id (SID) as provided by a DSSP --></span></span> |
| <span class="sc3"><span class="re1"></L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></A<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><A</span> <span class="re0">n</span>=<span class="st0">"ReadUsers"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>0815<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified user/principal id (SID) as provided by a DSSP --></span></span> |
| <span class="sc3"><span class="re1"></L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></A<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><A</span> <span class="re0">n</span>=<span class="st0">"ReadGroupsDatasourceSpecific"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>empolis\group1<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- a group SID resolved to a a human readable group name --></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>empolis\group9<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- a group SID resolved to a a human readable group name --></span></span> |
| <span class="sc3"><span class="re1"></L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></A<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><A</span> <span class="re0">n</span>=<span class="st0">"ReadUsersDatasourceSpecific"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>empolis\testuser<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- a user/principal SID resolved to a a human readable user/principal name --></span></span> |
| <span class="sc3"><span class="re1"></L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></A<span class="re2">></span></span></span></pre></div> |
| <p><br /> |
| </p> |
| <ul><li> I suggest to use the constant name EVERYONE instead of ALL_READ |
| <ul><li><a href="http://wiki.eclipse.org/User:Daniel.stucky.empolis.com" title="User:Daniel.stucky.empolis.com">User:Daniel.stucky.empolis.com</a>: Yes, it fits better if used in context with other access rights than READ. |
| </li></ul> |
| </li><li> In the attribute values for ReadGroups and ReadUsers, only numeric values and the predefined constants are allowed (EVERYONE). More constants will be defined. This could be optimized by defining integer constants for EVERYONE. |
| </li><li>In the attribute values for ReadUsersDatasourceSpecific, URIs are preferred. These should be expressed using standardized formats. For LDAP, <a href="http://www.apps.ietf.org/rfc/rfc4516.html" class="external text" title="http://www.apps.ietf.org/rfc/rfc4516.html" rel="nofollow">RFC 4516</a> specifies the URI format. |
| </li><li> SMILA is an enterprise framework. There should be better guidelines for representing the "no ACL" option then to not use certain pipelets |
| </li><li> LDAP is maybe not the right standard used in the chart, SASL could be used (LDAP is compatible with SASL). |
| </li><li> the SecurityResolver will need functionality to map a DSSP user/group IDs to SMILA user/group ids: |
| </li></ul> |
| <div dir="ltr" style="text-align: left;"><pre class="source-java"><span class="coMULTI">/** |
| * map a datasource specific user id to a SMILA user id. |
| * todo: how to identify the datasource here? |
| */</span> |
| <span class="kw4">long</span> resolveDataSourceUserToSID<span class="br0">(</span><span class="kw3">String</span> datasourceSpecificUserID, datasourceID<span class="br0">)</span>; |
| |
| <span class="coMULTI">/** |
| * map a datasource specific group id to a SMILA group id. |
| * todo: how to identify the datasource here? |
| */</span> |
| <span class="kw4">long</span> resolveDataSourceGroupToSID<span class="br0">(</span><span class="kw3">String</span> datasourceSpecificGoupID, datasourceID<span class="br0">)</span>;</pre></div> |
| <p><a href="http://wiki.eclipse.org/User:Daniel.stucky.empolis.com" title="User:Daniel.stucky.empolis.com">User:Daniel.stucky.empolis.com</a>: Smila currently has no user or user rights management, as this was not a requirement for the framework. Therefore it was not intended to convert external user/group IDs to internal Smila user/group IDs at all. Of course there will be clients to Smila that will have a separate user management (e.g. a Liferay Portal). It is the job of a client to map it's logins to any logins for external datasources, like the ones indexed by Smila. Smila could provide some Services that offer such a functionality, but this is not required. The security information provided by Crawlers/Agents should be usable in it's raw unmodified form. If desired it is possible to convert these into more human readable names by Resolvers, e.g. plain text or standardized URIs. Again, we should not enforce any model/pattern. |
| </p><p><a href="http://wiki.eclipse.org/User:G.schmidt.brox.de" title="User:G.schmidt.brox.de">User:G.schmidt.brox.de</a> (08.02.2009): |
| </p><p>Generally my experience with user rights shows that we usually need much more information. |
| </p><p>E.g. at a web installation using LDAP user rights and a Websphere Portal we have had at least 8 different attributes showing whether access rights should be applied. We have had the following tokens: |
| </p> |
| <ul><li> Whether security rights should be applied (debug mode) |
| </li><li> Whether a document is available for anonymus users (important... it does only mean anonymous users... if logged in these records are invisible) |
| </li><li> Users |
| </li><li> Groups |
| </li><li> Roles |
| </li><li> Regions |
| </li><li> ... |
| </li></ul> |
| <p>Lotus notes often uses such security concepts also. Thes conceps are highly input form based security rights. |
| </p><p>To be able to deal with such user rights we have decided to define user rights on an index/source level. On this level we do transformations (transforming a SID or SSO Token to) the real required technical filters. |
| </p><p>User rights should be applyable not only by default behaviour. This customer used e.g. special annotations within documentum to apply their policy to the documentum storage and joined it with a portal. The user information stored in documentum was just not sufficiant at that point. Therefore relying on just a default scheme will not work. We have to be able to do such configuration manually. |
| </p><p>Please share your thoughts. |
| </p><p>Thanks. |
| </p><p>Georg |
| </p> |
| <dl><dd><a href="http://wiki.eclipse.org/User:Daniel.stucky.empolis.com" title="User:Daniel.stucky.empolis.com">User:Daniel.stucky.empolis.com</a> (16.02.2009): As I understand it, I see three main parts that have to be adressed: |
| <ol><li> Crawlers provide data with security information: of course it depends on the data source and crawler implementation what kind of security information a crawler returns. The security concept is flexible enough to add any number of additional annotations besides the suggested READ, WRITE. So for example ROLES could be returned as well. With a special Pipelet it would also be possible to combine the information provided by the crawler with additional information provided by e.g. a portal. |
| </li><li> indexing security information: Via a SecurityConverter we simply decide what security annotations are converted to indexable attributes. In other words what security information is stored in what index field. |
| </li><li> setting Security Filters in a search: via the Search API security information about users are set via annotations on the query. Again these can contain arbitrary information, e.g. a user login and a users role. These are converted by a SecurityConverter into filters on the indexed attributes. The combination logic of the filters (AND | OR) should be configurable. |
| </li></ol> |
| </dd></dl> |
| <p><br /> |
| </p> |
| <a name="Technical_proposal"></a><h1> <span class="mw-headline">Technical proposal</span></h1> |
| <p>The basic idea is that a record created by a Agent/Crawler contains "raw" security information. This optional information is processed by special Pipelets in the executed pipeline that prepare the security information to be stored with the record's metadata in a search index. |
| </p> |
| <a name="Datamodell"></a><h2> <span class="mw-headline">Datamodell</span></h2> |
| <p>As we don't know for what use cases SMILA will be used, we should not restrict security information to READ access rights, but provide a generic representation of security information. The default use case will be indexing and search, for which READ access will suffice. Security information should be separated from record metadata, though represented by reusing classes of the datamodel. The record itself is annotatable, so we can store the security information as annotations in the record. Therefore a specific annotation ACCESS_RIGHTS is defined. It contains subannotations for various access right types ( e.g. READ, WRITE, DELETE ) which in turn contain annotations for entities (e.g. PRINCIPALS and GROUPS). It is easily possible to add new access right types or entities, but the Security Converters/Resolvers have to be adopted to support them. |
| </p><p><br /> |
| </p> |
| <a name="Indexing"></a><h3> <span class="mw-headline">Indexing</span></h3> |
| <p>During Indexing the security information for a record is read from the datasource by Crawlers/Agents, which create the ACCESS_RIGHTS annotations thereof and store them in the record. In the IndexOrderConfiguration it should be configurable what annotations are created for each record (what access right types, if to use principals or groups or both). It should also be possible to disable the creation of these annotations if no security information is used in Smila. Crawlers/Agents should pass security information as provided by the data source, e.g. SIDs (Security IDs). Further processing of this data will be done by the Security Converters/Resolvers. |
| Here is an example for the ACCESS_RIGHTS record annotations: |
| </p> |
| <div dir="ltr" style="text-align: left;"><pre class="source-xml"><span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"ACCESS_RIGHTS"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"READ"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"PRINCIPALS"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>0815<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified user/principal id (SID) as provided by a DSSP --></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"GROUPS"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>4711<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified group id (SID) as provided by a DSSP --></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>2525<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified group id (SID) as provided by a DSSP --></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"WRITE"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"PRINCIPALS"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>0815<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified user/principal id (SID) as provided by a DSSP --></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| ... |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span></pre></div> |
| <p><br /> |
| Regular Pipelets/Processingservices will not take these annotations into account. Before storing a record in a search index, the security annotations have to be converted to regular attributes that are indexable. Therefore SecurityConverters (general or index specific) will do this transformation of annotations into attributes. Here is an example, of how the READ access rights could be represented as regular attributes: |
| </p> |
| <div dir="ltr" style="text-align: left;"><pre class="source-xml"><span class="sc3"><span class="re1"><A</span> <span class="re0">n</span>=<span class="st0">"ReadGroups"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>4711<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified group id (SID) as provided by a DSSP --></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>2525<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified group id (SID) as provided by a DSSP --></span></span> |
| <span class="sc3"><span class="re1"></L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></A<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><A</span> <span class="re0">n</span>=<span class="st0">"ReadUsers"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>0815<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified user/principal id (SID) as provided by a DSSP --></span></span> |
| <span class="sc3"><span class="re1"></L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></A<span class="re2">></span></span></span></pre></div> |
| <p><br /> |
| There may be use cases where instead of SIDs more human readable names should be used for indexing. Another use case is that Groups should be resolved to their members (either SIDs or also human readable names). In this case a SecurityConverter can make use of a SecurityResolver to handle these tasks. So it could resolve datasource-specific human readable names for the principals and groups |
| </p> |
| <div dir="ltr" style="text-align: left;"><pre class="source-xml"><span class="sc3"><span class="re1"><A</span> <span class="re0">n</span>=<span class="st0">"ReadGroups"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>empolis\group1<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- a group SID resolved to a a human readable group name --></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>empolis\group9<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- a group SID resolved to a a human readable group name --></span></span> |
| <span class="sc3"><span class="re1"></L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></A<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><A</span> <span class="re0">n</span>=<span class="st0">"ReadUsers"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>empolis\testuser<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- a user/principal SID resolved to a a human readable user/principal name --></span></span> |
| <span class="sc3"><span class="re1"></L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></A<span class="re2">></span></span></span></pre></div> |
| <p>or it could also resolve the members of the groups |
| </p> |
| <div dir="ltr" style="text-align: left;"><pre class="source-xml"><span class="sc3"><span class="re1"><A</span> <span class="re0">n</span>=<span class="st0">"ReadUsers"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>empolis\testuser<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- a user/principal SID resolved to a a human readable user/principal name --></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>empolis\group1member1<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- a user/principal SID resolved to a a human readable user/principal name --></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>empolis\group1member2<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- a user/principal SID resolved to a a human readable user/principal name --></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>empolis\group2member1<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- a user/principal SID resolved to a a human readable user/principal name --></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>empolis\group2member2<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- a user/principal SID resolved to a a human readable user/principal name --></span></span> |
| <span class="sc3"><span class="re1"></L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></A<span class="re2">></span></span></span></pre></div> |
| <p>Often data sources with and without security restrictions will be used together in one index (e.g. a filesystem and a public web site). The SecurityConverter should generate a default value for those data sources named EVERYONE and fill all required attributes with it. This is needed during the search process, as possible results without any security information would be filtered from the result list. A SecurityResolver may also use this value to replace generic groups (like authenticated_users or domain_users). |
| </p> |
| <div dir="ltr" style="text-align: left;"><pre class="source-xml"><span class="sc3"><span class="re1"><A</span> <span class="re0">n</span>=<span class="st0">"ReadGroups"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>EVERYONE<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></A<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><A</span> <span class="re0">n</span>=<span class="st0">"ReadUsers"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>EVERYONE<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></L<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></A<span class="re2">></span></span></span></pre></div> |
| <p><br /> |
| </p> |
| <a name="Search"></a><h3> <span class="mw-headline">Search</span></h3> |
| <p>A search client represents security information in exact the same way as a Crawler does it during indexing. Most likely this will only be the ID of a user executing the search. |
| </p> |
| <div dir="ltr" style="text-align: left;"><pre class="source-xml"><span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"ACCESS_RIGHTS"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"READ"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"PRINCIPALS"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>0815<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified user/principal id (SID) as provided by a DSSP --></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span></pre></div> |
| <p>The security annotations are then again processed by a SecurityConverter (now in search mode) that transforms the security annotations into a filter annotation for the security attributes in the index. Note that EVERYONE is always included in the filter! (see the Search concept for details on Filters) |
| </p> |
| <div dir="ltr" style="text-align: left;"><pre class="source-xml"><span class="sc3"><span class="re1"><A</span> <span class="re0">n</span>=<span class="st0">"ReadUsers"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"filter"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><V</span> <span class="re0">n</span>=<span class="st0">"type"</span><span class="re2">></span></span>enumeration<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><V</span> <span class="re0">n</span>=<span class="st0">"mode"</span><span class="re2">></span></span>include<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>0815<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>EVERYONE<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></A<span class="re2">></span></span></span></pre></div> |
| <p>Again, SecurityResolvers may be used by the SecurityConverter for various tasks. For example if only groups are used for security checking, then all groups the provided user is a membor of have to be determined and this information is then used to create the filter. For example |
| </p> |
| <div dir="ltr" style="text-align: left;"><pre class="source-xml"><span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"ACCESS_RIGHTS"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"READ"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"PRINCIPALS"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>0815<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified user/principal id (SID) as provided by a DSSP --></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span></pre></div> |
| <p>is resolved to |
| </p> |
| <div dir="ltr" style="text-align: left;"><pre class="source-xml"><span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"ACCESS_RIGHTS"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"READ"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"PRINCIPALS"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>0815<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified user/principal id (SID) as provided by a DSSP --></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"GROUPS"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>4711<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified group id (SID) as provided by a DSSP --></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>0190<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified group id (SID) as provided by a DSSP --></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span></pre></div> |
| <p>and then converted to the filter |
| </p> |
| <div dir="ltr" style="text-align: left;"><pre class="source-xml"><span class="sc3"><span class="re1"><A</span> <span class="re0">n</span>=<span class="st0">"ReadGroupss"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"filter"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><V</span> <span class="re0">n</span>=<span class="st0">"type"</span><span class="re2">></span></span>enumeration<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><V</span> <span class="re0">n</span>=<span class="st0">"mode"</span><span class="re2">></span></span>include<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>4711<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>0190<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>EVERYONE<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></A<span class="re2">></span></span></span></pre></div> |
| <p>If security is NOT relevant for search process, then simply don't use any SecurityConverters in your index and search pipelines (and configure your agents/crawlers appropriately to reduce data load)! |
| </p><p><br /> |
| </p> |
| <a name="Security_Converters_and_Resolvers"></a><h2> <span class="mw-headline">Security Converters and Resolvers</span></h2> |
| <p>At some points in the SMILA framework the security information needs to be converted. We can distinguish between real conversion and resolving of security information (this list may not be complete): |
| </p> |
| <ul><li>Converters |
| <ul><li>preparations for Search Index (e.g. converting from Annotation to Attribute representation) |
| </li><li>combining data source and security information (like adding a domain or data source Id prefix to the security information) |
| </li></ul> |
| </li><li>Resolvers |
| <ul><li>resolve a Principals Sub-Principals (e.g. members of a group, subgroups of a group) |
| </li><li>resolve a Principals Membership (e.g. get all groups the user is a member of) |
| </li><li>resolve properties of a Principal (e.g. human readable names of Principal IDs) |
| </li></ul> |
| </li></ul> |
| <p><br /> |
| </p> |
| <ul><li>Handling of security information should be optional (configurable). |
| </li><li>Crawlers return unmodified security information as provided by the data source |
| </li><li>Search Clients provide Principals (in general a user context) to execute the search for |
| </li><li>Converters are implemented as Pipelets/ProcessingServices. Converters may be generic or search index specific. |
| </li><li>Converters execution logic is different for indexing (conversion to attributes) and search (conversion to filter annotations) process (perhaps it is better to seperate these tasks in different pipelets) |
| </li><li>Converters may use Resolvers for further processing security information |
| </li><li>Resolvers are implemented as OSGi services, not as Processing services ! |
| </li><li>Resolvers may be used by Converters or any other component in SMILA (e.g. a login componentn of a search application) |
| </li></ul> |
| <p>Here is an illustration of the proposed architecture of security resolvers and converters. Note that the use of Resolvers is optional: |
| <a href="http://wiki.eclipse.org/Image:SecurityConverterResolver.png" class="image" title="architecture of security resolvers and converters"><img alt="architecture of security resolvers and converters" src="http://wiki.eclipse.org/images/9/9f/SecurityConverterResolver.png" width="960" height="720" border="0" /></a> |
| </p><p><br /> |
| Here is a proposal for the SecurityResolver interface. |
| </p> |
| <div dir="ltr" style="text-align: left;"><pre class="source-java"><span class="kw1">interface</span> SecurityResolver |
| <span class="br0">{</span> |
| <span class="coMULTI">/** |
| * Returns all properties of the given principal. |
| */</span> |
| <span class="kw3">Properties</span> getProperties<span class="br0">(</span><span class="kw3">String</span> principal<span class="br0">)</span>; |
| |
| <span class="coMULTI">/** |
| * Returns all principals that are member to the given group, including any subgroups. |
| */</span> |
| Set<String> resolveGroupMembers<span class="br0">(</span><span class="kw3">String</span> group<span class="br0">)</span>; |
| |
| <span class="coMULTI">/** |
| * Returns all groups the given principal is member of. |
| */</span> |
| Set<String> resolveMembership<span class="br0">(</span><span class="kw3">String</span> principal<span class="br0">)</span>; |
| |
| <span class="coMULTI">/** |
| * Checks if the given principal is a group. |
| */</span> |
| <span class="kw4">boolean</span> isGroup<span class="br0">(</span><span class="kw3">String</span> principal<span class="br0">)</span>; |
| <span class="br0">}</span></pre></div> |
| <p>For automated handling of security information by a SecurityResolver, a SecurityConverter needs some functionality to select the right SecurityResolver, some kind of registry that maps a DSSP ID to an instance of a SecurityResolver. Therefore the ACCESS_RIGHTS annotations must contain some information about the DSSP to use. If the DSSP ID is already included in the principals/groups (see <a href="Smila_Security_Concept.html#Ambigous_SIDs_in_DSSPs" title="">Ambigous SIDs in DSSPs</a>) then no additional information may be needed to select a SecurityResolver instance. But to be more general and flexible we should introduce a new Subannotation "DSSP", which contains the ID and any additional information (e.g. connection information) that may be needed to fill parameters of method calls on a SecurityResolver: |
| </p> |
| <div dir="ltr" style="text-align: left;"><pre class="source-xml"><span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"ACCESS_RIGHTS"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"DSSP"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"ID"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>empolis<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- the ID of the DSSP, in this case the domain --></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"..."</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>...<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| ... |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"READ"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"PRINCIPALS"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>0815<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified user/principal id (SID) as provided by a DSSP --></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| ... |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span></pre></div> |
| <p><br /> |
| </p> |
| <a name="Ambigous_SIDs_in_DSSPs"></a><h2> <span class="mw-headline">Ambigous SIDs in DSSPs</span></h2> |
| <p>This is more a theoretical aspect but we should have a solution it this problem really occurs: |
| It may happen, that the same SID is used by different DSSPs to identify different Users. In this case it is not enough to let a Crawler/Agent just return the SID, it must also contain some information to which DSSP the SID belongs to. A simple solution is to add some DSSP_ID as a prefix to the SID during creation of the security annotations in the Crawler/Agent. I suggest to use "/" as a separator character: |
| </p> |
| <div dir="ltr" style="text-align: left;"><pre class="source-xml"><span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>[DSSP_ID]/[SID]<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span></pre></div> |
| <p>For NTFS access rights this prefix could be the domain or machine name, e.g. |
| </p> |
| <div dir="ltr" style="text-align: left;"><pre class="source-xml"><span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"ACCESS_RIGHTS"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"READ"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"PRINCIPALS"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>empolis/0815<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified user/principal id (SID) as provided by a DSSP with the DSSP ID as prefix --></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"><An</span> <span class="re0">n</span>=<span class="st0">"GROUPS"</span><span class="re2">></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>empolis/4711<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified group id (SID) as provided by a DSSP with the DSSP ID as prefix --></span></span> |
| <span class="sc3"><span class="re1"><V<span class="re2">></span></span></span>empolis/2525<span class="sc3"><span class="re1"></V<span class="re2">></span></span></span> <span class="sc3"><span class="coMULTI"><!-- an unmodified group id (SID) as provided by a DSSP with the DSSP ID as prefix --></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span> |
| <span class="sc3"><span class="re1"></An<span class="re2">></span></span></span></pre></div> |
| <p><br /> |
| For other data sources it may be some other kind of unique id. The DataSourceId is NOT a good choice, as different data sources may use the same DSSP (e.g. multiple NTFS filesystem sources using the same LDAP server). This would lead to an explosion of different values for a logically identical user. |
| </p><p>Of course a client also has to use this prefix when executing searches! |
| </p> |
| <a name="Enhancement_for_DeltaIndexing"></a><h2> <span class="mw-headline">Enhancement for DeltaIndexing</span></h2> |
| <p>A change of the security information of a document leads to an update of the search index. It may be desirable to distinguish between changes of the security information and changes of a document itself. Therefore one could introduce a second hash token that is created from the security information and stored in DeltaIndexingManager. If during a crawl only the hash for the security information has changed the whole processing for the document needs not to be be executed but just the update of the security information (thus saving overhead processing). Therefore the CrawlerController needs to add some kind of flag to the Record (e.g. a special Attribute) that shows if the regular hash or the security hash changed. In the Router this Attribute could be used in rules to trigger different Pipelines: the "complete processing pipeline" if the regular hash (or both hashes) changed, or the "security update pipeline" if only the security hash changed. As not all indexes will support update of selected attributes but will most likely support only a delete/add logic based on whole documents, the already processed data of this record must be loaded (either from the index or from the XML/Binary-Storage) and merged with the current Record (e.g. by a special Pipelet). This is an optional enhancement that is totally independent of the security concept. However, it should be implemented after the security concept was implemented and tested. |
| </p> |
| <!-- |
| NewPP limit report |
| Preprocessor node count: 61/1000000 |
| Post-expand include size: 0/2097152 bytes |
| Template argument size: 0/2097152 bytes |
| #ifexist count: 0/100 |
| --> |
| |
| <!-- Saved in parser cache with key wikidb:pcache:idhash:17568-0!1!0!!en!2!edit=0 and timestamp 20130416061123 --> |
| <div class="printfooter"> |
| Retrieved from "<a href="Smila_Security_Concept.html">http://wiki.eclipse.org/SMILA/Specifications/Smila_Security_Concept</a>"</div> |
| <!-- end content --> |
| <div class="visualClear"></div> |
| </div> |
| </div> |
| |
| |
| </div> |
| |
| |
| <!-- Yoink of toolbox for phoenix moved up --> |
| |
| |
| </div> |
| </div> |
| <div id="clearFooter"/> |
| <div id="footer" > |
| <ul id="footernav"> |
| <li class="first"><a href="http://www.eclipse.org/">Home</a></li> |
| <li><a href="http://www.eclipse.org/legal/privacy.php">Privacy Policy</a></li> |
| <li><a href="http://www.eclipse.org/legal/termsofuse.php">Terms of Use</a></li> |
| <li><a href="http://www.eclipse.org/legal/copyright.php">Copyright Agent</a></li> |
| <li><a href="http://www.eclipse.org/org/foundation/contact.php">Contact</a></li> |
| <li><a href="http://wiki.eclipse.org/Eclipsepedia:About" title="Eclipsepedia:About">About Eclipsepedia</a></li> |
| </ul> |
| <span id="copyright">Copyright © 2013 The Eclipse Foundation. All Rights Reserved</span> |
| <p id="footercredit">This page was last modified 16:32, 11 March 2011 by <a href="http://wiki.eclipse.org/index.php?title=User:Nadine.auslaender.attensity.com&action=edit" class="new" title="User:Nadine.auslaender.attensity.com"> </a>. Based on work by <a href="http://wiki.eclipse.org/User:Daniel.stucky.empolis.com" title="User:Daniel.stucky.empolis.com">Daniel Stucky</a>, <a href="http://wiki.eclipse.org/User:G.schmidt.brox.de" title="User:G.schmidt.brox.de">Georg Schmidt</a> and <a href="http://wiki.eclipse.org/index.php?title=User:Leo.sauermann.dfki.de&action=edit" class="new" title="User:Leo.sauermann.dfki.de">Leo Sauermann</a>.</p> |
| <p id="footerviews">This page has been accessed 2,784 times.</p> |
| </div> |
| |
| <script type="text/javascript"> |
| var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); |
| document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); |
| </script> |
| <script type="text/javascript"> |
| var pageTracker = _gat._getTracker("UA-910670-4"); |
| pageTracker._trackPageview(); |
| </script> |
| |
| |
| |
| |
| |
| |
| |
| <!-- <div class="visualClear"></div> --> |
| |
| <script type="text/javascript">if (window.runOnloadHook) runOnloadHook();</script> |
| </div> |
| |
| <!-- Served in 0.062 secs. --></body></html> |
