ESciDoc Role List

This page has been created for discussion of the requirements of Issue 320

Content of List of Roles
We should discuss what information about the roles shall be shown in the list of roles.
 * A reference to the role (objid or xlink:href, depending on the interface), only?
 * A reference to the role including name and description (as it is mentioned in the Issue 320)?
 * All properties of the role including the list of Xacml policies?

Filter Criteria
An eSciDoc role is not directly related to an eSciDoc resource like item, context, container, or organizational unit. Therefore, it is not clear what criterias can be used for filtering. Possible criterias could be:
 * The object ids of the roles
 * The id of a user account (or ids of user accounts?) that owns at least one valid grant for a role (only in combination with list of role ids)
 * Role has never been granted to a user
 * This raises a very important issue i.e. we need to clarify what / how are roles defined for?

A role can be defined for a core service, or for application i.e. solution service (note: service and not solution only). Please follow the discussion on the actual setup/definition for Authentication and authorization models in eSciDoc--Natasa 16:24, 23 October 2007 (CEST)

Sorting Criteria
It has to be clarified if sorting of the list is needed and by which values the list shall be sorted, e.g. by
 * Name
 * Id

Prototype Implementation
There still exists a prototype-like implementation within the base services, but this is currently not available as a REST/SOAP service. This implementation creates a non-filtered list of all roles containing the xlink to the role (in case of REST) or the objid of the role (in case of SOAP), the name, and the description per role. This prototype implementation could be made available as a service of the REST and SOAP interface, immediately.
 * Proposal: to make available the prototype implementation for a non-filtered list after closure of R2 PubMan (Early November). To use it as a basis for definition of other requirements. Does it make sense? --Natasa 11:24, 24 October 2007 (CEST)

Related pages

 * User account lists
 * Authentication and authorization models in eSciDoc