Access Control Scenarios

Here are some scenarios involving access control on the Web. Some of them
don't need any support from WEBDAV -- the ones that merely enforce access
constraints set at the server. Some need it or could benefit from it -- the
ones that let users set access rights or ask the server about its access

1. I have a personal Web site that I manage entirely on my own. I want
write access for myself and read-only access for the rest of the world for
everything at my site. In this case, I can just configure my server to
provide that level of access control, and nothing is needed in WEBDAV.

2. Larry Masinter's example: student records online. Different groups have
different sorts of permissions. A student can view all of his own data, but
none of anyone else's. The student can update certain fields but not
others. Administrators can view all of any student's data. A professor can
view grades for his own students in his own classes. Etc. These are
policies, set at the server, that have no exceptions. No one gets to set
permissions online. No impact on WebDAV, unless to be able to discover what
the policies are.

3. A museum's paintings are being made available online. There are several
different collections of paintings with different access rules. Paintings
may migrate from one collection to another from time to time. (1) One
collection, meant to entice visitors into the museum, is freely available to
all. (2) In another collection, anyone can view metadata or retrieve a
low-resolution rendition of any painting for free, but retrieval of a
high-resolution rendition requires payment of a fee. Museum members can
retrieve even high-resolution renditions from this collection without
charge. (3) A children's collection lets children submit art works. The
child registers when he submits an art work. Any child can add, remove, or
modify his own work. Anyone can view works in this collection for free.
Access control for this site can be managed by creating the three
collections, and setting access rights for each collection at the server.
The curator can move paintings from one collection to another with a
Web-based tool. The museum application enforces access rights by consulting
the museum's membership database and the children's registry, together with
the access policies.

4. A university library wants to put reserve readings on line for its
students. In order not to violate any copyright laws, it needs to set
permissions so that only students registered for a particular course can
view the readings for that course. The librarian putting the reserve
readings online is using a Web-based tool. Whenever he adds a reading to
the Web site, the tool prompts him for the course numbers whose students
should be allowed to access that reading. The reserve readings application
at the Web server is tied to the course registration database to enforce
these permissions when students try to access materials.

5. An elaboration of Dan Ford's thoughts on document state and Howard
Modell's on roles: A team is working on a project that involves sensitive
business data. The project's deliverables include several papers, each of
which goes through several cycles of writing and review before it is
approved for distribution. A person who is an author of one paper may be on
the review team for several others. Outside reviewers are also engaged for
each of the papers. While a paper is in a writing phase, only its authors
have write access to it, and only project team members have read access to
it. When a paper is in a review cycle, read and print access is extended to
reviewers. This access is removed once review is complete. When a version
is approved for distribution, a short list of users throughout the company
is given read and print permission (each of these users can print at most
one copy); a longer list can read the paper, but not make printed copies.
The project lead assigns people to the authoring and reviewing groups and
distribution lists for each paper, and determines when each paper moves from
one phase to another. All this is done with Web-based tools.

6. A versioned document describing a company's product offerings is being
developed at a Web site. It is expected to evolve over time as product
offerings change. The team leader designates one version of a document as
the public version. Everyone in the world has read access to this version.
The team leader can change which version is the public version at any time.
The team leader also gets to decide which version of the document team
members are allowed to modify at any time. Only team members have write
access to this version. Any other versions are viewable, but not
modifiable, by team members. The team leader makes these changes to the
access restrictions on versions using a Web-based tool.

7. Xerox's DocuShare product supports a notion of community-administered Web
sites. Anyone can set up an account for himself at one of these sites.
Then, when logged on as himself, he can add collections and materials to the
site, and determine access rights for any objects he adds. He can change
these access rights at any time. He can create groups and users, and
administer the groups and users he owns or has permission to administer.

Name: Judith A. Slein
Internal Phone: 8*222-5169
External Phone: (716) 422-5169
Fax: (716) 265-7133
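
Added example, not part of the original message: scenario 5's phase-dependent rights written as a default-deny policy table, with the one-copy print limit enforced when the request is decided. The role names, user names and functions are hypothetical; it assumes authors and team members keep their writing-phase rights during review and that after approval only the two distribution lists have access.

```python
from dataclasses import dataclass, field

# phase -> role -> rights; anything not listed is denied.
# Assumptions: review keeps the writing-phase rights (the text says access is
# "extended"); after approval only the two distribution lists have access.
POLICY = {
    "writing":  {"author": {"read", "write"}, "team": {"read"}},
    "review":   {"author": {"read", "write"}, "team": {"read"},
                 "reviewer": {"read", "print"}},
    "approved": {"print_list": {"read", "print"}, "read_list": {"read"}},
}
PRINT_QUOTA = 1  # short-list users may print at most one copy

@dataclass
class Paper:
    lead: str
    phase: str = "writing"
    roles: dict = field(default_factory=dict)    # user -> set of role names
    printed: dict = field(default_factory=dict)  # user -> approved copies printed

def set_phase(paper, actor, phase):
    """Only the project lead moves a paper from one phase to another."""
    if actor != paper.lead or phase not in POLICY:
        raise PermissionError(f"{actor} may not set phase {phase!r}")
    paper.phase = phase

def authorize(paper, user, action):
    """Decide one request; a granted print of an approved paper uses up quota."""
    granted = set()
    for role in paper.roles.get(user, ()):
        granted |= POLICY[paper.phase].get(role, set())
    if action not in granted:
        return False
    if action == "print" and paper.phase == "approved":
        if paper.printed.get(user, 0) >= PRINT_QUOTA:
            return False
        paper.printed[user] = paper.printed.get(user, 0) + 1
    return True

def sample_paper():
    """Constructed sample: hypothetical users and their roles on one paper."""
    return Paper(lead="lee", roles={
        "alice": {"author", "team"}, "bob": {"team"}, "rita": {"reviewer"},
        "pat": {"print_list"}, "rob": {"read_list"}})
```

Because rights are looked up from the current phase on every request, moving the paper back out of review removes the reviewers' access without editing any per-user entry.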