From: John Flynn ([email protected])
Date: 05/02/02
All, The SONAT prototype (DAML Experiment) now has general access control via the use of PKI certificates that we issue from daml.org. There are two types of certificates that will allow access to https://demo.daml.org <https://demo.daml.org/> . The original certificates that were issued for access to https://www.daml.org <https://www.daml.org/> (the DAML private web site) and a new set of certificates that are being issued that only allow access to the SONAT prototype but not to the DAML private site. We can identify which specific certificate is being used to access SONAT and we would now like to further refine access controls for the SONAT prototype using DAML security policy ontologies. The first level of access control we would like to implement is write/edit control for modifying information related to any specific Operation. Operations, such as the Wiskey Bander operation currently being used as a test case for SONAT, are one of the key means of organizing information for specific groups of SONAT users. For now we will keep all the Operations readable by anyone who accesses SONAT with a certificate. We would like to give edit privileges automatically to the person who initially creates a new Operation. That person should then be able to add others to a list of people with edit privileges for that Operation. There are a number of ways we might implement such access controls but in the spirit of the program we should use DAML security policy ontologies if at all possible. Later we will want to implement even finer grain access controls but this is a good starting point. Comments, recommendations? Thanks, John John Flynn (703) 284-4612 DAML Integration and Transition PM BBN Technologies
This archive was generated by hypermail 2.1.4 : 05/14/02 EDT