Ticket #88 (closed defect: fixed)

Opened 6 years ago

Last modified 5 years ago

Write XACML policy to honor profile visibility preferences

Reported by: ronald
Assigned to: ronald
Priority: unassigned
Milestone:
Component: topaz
Version: 0.5-SNAPSHOT
Keywords:
Cc:
Blocking:
Blocked By: 959

Description

Each field in a user's profile may be marked as to who is allowed to view that field. An XACML policy needs to be written to compute these preferences and reject unallowed access.

Change History

08/11/06 16:15:17 changed by ronald

  • owner changed from somebody to ronald.
  • status changed from new to assigned.

08/11/06 16:37:19 changed by ronald

  • milestone changed from TBD to august25.

08/25/06 23:52:44 changed by ronald

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [527]) Closes #88: removed the readers stuff from the profile, and instead rely on the permissions service and standard XACML policies for access-control management. A set of permissions, one for each field in the profile, is provided for reading the profile; a single permission still governs the setting of the profile.

The tests have been adjusted, and some basic setups for the access-control tests done, but the actual tests can't be performed until a framework for logging in and switching between users in tests is set up.

On a performance note: a profile retrieval results in as many check-access calls (and hence XACML policy evaluations, and hence iTQL queries) as there are fields in the profile (currently 10). We probably need to introduce some caching somewhere at some point.
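
The per-field read permissions and the caching idea from the performance note above, shown as an added example that is not Topaz code and not part of changeset [527]. The field names, the permission URI pattern, and the `CountingPDP` and `CachedChecker` classes are all assumptions made for illustration; the stand-in decision point only counts how often it is evaluated.

```python
import time

# Hypothetical field names and permission URIs; the ticket names neither.
FIELDS = ["realName", "email", "homePage", "weblog", "title",
          "biography", "interests", "publications", "givenNames", "surname"]
READ_PERM = "urn:example:profiles:read-{}"   # one read permission per field

class CountingPDP:
    """Stand-in for the XACML policy decision point; counts evaluations."""
    def __init__(self, grants):
        self.grants = grants          # set of (viewer, permission, owner)
        self.evaluations = 0
    def check_access(self, viewer, permission, owner):
        self.evaluations += 1
        return viewer == owner or (viewer, permission, owner) in self.grants

class CachedChecker:
    """Caches decisions per (viewer, permission, owner) with a short TTL."""
    def __init__(self, pdp, ttl=30.0, clock=time.monotonic):
        self.pdp, self.ttl, self.clock = pdp, ttl, clock
        self.cache = {}
    def allowed(self, viewer, permission, owner):
        key = (viewer, permission, owner)
        hit = self.cache.get(key)
        if hit and hit[1] > self.clock():
            return hit[0]
        decision = self.pdp.check_access(viewer, permission, owner)
        self.cache[key] = (decision, self.clock() + self.ttl)
        return decision
    def invalidate_owner(self, owner):
        # Call when the owner's grants change so a revocation applies at once.
        self.cache = {k: v for k, v in self.cache.items() if k[2] != owner}

def get_profile(checker, viewer, owner, profile):
    """Return only the fields the viewer may read; denied fields are omitted."""
    return {f: profile[f] for f in FIELDS
            if f in profile and checker.allowed(viewer, READ_PERM.format(f), owner)}
```

Without the `invalidate_owner` call, a cached allow outlives a revoked grant until its TTL expires, which is the trade-off any cache placed in front of the access check has to account for.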

10/29/07 21:12:47 changed by

  • milestone deleted.

Milestone august25 deleted