Access controls for SONAT

From: John Flynn (jflynn@bbn.com)
Date: 05/02/02

    All,
    
    The SONAT prototype (DAML Experiment) now has general access control via the
    use of PKI certificates that we issue from daml.org. There are two types of
    certificates that will allow access to https://demo.daml.org: the original
    certificates that were issued for access to https://www.daml.org (the DAML
    private web site) and a new set of certificates that are being issued that
    only allow access to the SONAT prototype but not to the DAML private site.
    
    We can identify which specific certificate is being used to access SONAT and
    we would now like to further refine access controls for the SONAT prototype
    using DAML security policy ontologies. The first level of access control we
    would like to implement is write/edit control for modifying information
    related to any specific Operation. Operations, such as the Wiskey Bander
    operation currently being used as a test case for SONAT, are one of the key
    means of organizing information for specific groups of SONAT users. For now
    we will keep all the Operations readable by anyone who accesses SONAT with a
    certificate. We would like to give edit privileges automatically to the
    person who initially creates a new Operation. That person should then be
    able to add others to a list of people with edit privileges for that
    Operation. There are a number of ways we might implement such access
    controls but in the spirit of the program we should use DAML security policy
    ontologies if at all possible. Later we will want to implement even finer
    grain access controls but this is a good starting point.
    
    Comments, recommendations?
    
    Thanks,
    
    John
    
    John Flynn
    (703) 284-4612
    DAML Integration and Transition PM
    BBN Technologies
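
The access rules proposed in the message above, written out as a small Python model. This is an example added to the archive page, not code from the message or from the SONAT project, and it does not use DAML policy ontologies. The certificate-type labels, the `subject` identifier and the rule that only the creator may extend the editor list are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Hosts each certificate type may reach, as described in the message.
HOSTS = {
    "daml-private": {"www.daml.org", "demo.daml.org"},  # original certificates
    "sonat-only": {"demo.daml.org"},                    # new SONAT-only certificates
}

@dataclass(frozen=True)
class Cert:
    subject: str  # assumed stable identifier read from the client certificate
    kind: str     # key into HOSTS (labels are constructed for this example)

@dataclass
class Operation:
    creator: str
    editors: set = field(default_factory=set)

class SonatPolicy:
    def __init__(self):
        self.ops = {}  # Operation name -> Operation

    def may_access(self, cert, host):
        # No certificate, or an unknown certificate type, reaches nothing.
        return cert is not None and host in HOSTS.get(cert.kind, set())

    def _sonat(self, cert):
        return self.may_access(cert, "demo.daml.org")

    def create(self, cert, name):
        if not self._sonat(cert) or name in self.ops:
            raise PermissionError("cannot create Operation")
        # The creator receives edit privileges automatically.
        self.ops[name] = Operation(cert.subject, {cert.subject})

    def can_read(self, cert, name):
        # Every Operation is readable by any SONAT certificate holder.
        return self._sonat(cert) and name in self.ops

    def can_edit(self, cert, name):
        return self.can_read(cert, name) and cert.subject in self.ops[name].editors

    def add_editor(self, cert, name, subject):
        # Assumption: only the creator extends the list; editors cannot re-delegate.
        if not self.can_read(cert, name) or cert.subject != self.ops[name].creator:
            raise PermissionError("only the creator may grant edit privileges")
        self.ops[name].editors.add(subject)
```
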
    


    This archive was generated by hypermail 2.1.4 : 05/14/02 EDT