Difference between revisions of "ESciDoc Committer Meeting 2010-05-11"
Jump to navigation
Jump to search
(New page: Date: 11.05.2010 Start time: '''14:30''' Location: Karlsruhe, München phone: +49-89-38602-223 Participants MPDL: Natasa Bulatovic, Michael Franke Participants FIZ: Dr. Michael Hoppe...) |
m |
||
(19 intermediate revisions by 2 users not shown) | |||
Line 3: | Line 3: | ||
Location: Karlsruhe, München | Location: Karlsruhe, München | ||
phone: +49-89-38602-223 | phone: +49-89-38602-223 VIdOc-ISDN: 08938602595 | ||
Participants MPDL: Natasa Bulatovic, Michael Franke | Participants MPDL: Natasa Bulatovic, Michael Franke | ||
Line 13: | Line 13: | ||
'''Next committer meetings''' | '''Next committer meetings''' | ||
*[[ESciDoc_Committer_Meeting_2010-06-01]] | |||
*[[ESciDoc_Committer_Meeting_2010- | |||
=Topics= | =Topics= | ||
== next Meeting== | |||
* we can run a Comitter Meeeting on 2010-05-18 | |||
== version history event == | == version history event == | ||
Line 58: | Line 59: | ||
</escidocVersions:events> | </escidocVersions:events> | ||
</escidocVersions:version> | </escidocVersions:version> | ||
===Outcome=== | |||
*not discussed, MPDL got out of Internet :) | |||
*input after VidConf: see [[Talk:ESciDoc_Committer_Meeting_2010-05-11]] | |||
==create new role &issues with default filter conditions== | |||
*how to create a new role in the core-service with a policy that does not refer to the core service resources? | |||
*e.g. | |||
**created new policy with scope | |||
<pre> | |||
<role:scope unlimited="false"> | |||
<role:scope-def resource-type="cone-service"/> | |||
</role:scope> | |||
</pre> | |||
**first case: provided very dummy policy that applies to schema, however no login of any user was possible afterwards | |||
***after deletion of all related data users could log-in | |||
**second case: provided policy with action to retrieve contexts only | |||
**granted this role to the user | |||
***when filtering for items - situation is changed -> rules which apply to default user are not simply applied, they are extended and user gets much more items then actually needed | |||
****the user to which this role is assigned is member of 2 user groups (with no privileges at all) | |||
****the following query in filters is applied (note: commented out part is most probably problematic) | |||
****with uncommented part user gets ca.2947 items (as it only checks for existence of privilege basically) | |||
****with commented part user gets ca.391 items | |||
<pre> | |||
SELECT r.id FROM list.item r WHERE ( | |||
( | |||
( | |||
( | |||
( | |||
r.id IN ( | |||
SELECT resource_id FROM list.property WHERE local_path='/properties/version/status' AND value='released' | |||
) | |||
) | |||
) | |||
) | |||
/* OR ( | |||
( | |||
r.id IN ( | |||
SELECT resource_id FROM list.property WHERE EXISTS ( | |||
SELECT object_id FROM aa.role_grant WHERE user_id='escidoc:102002' AND role_id='escidoc:107021' AND ( | |||
revocation_date IS NULL OR revocation_date>CURRENT_TIMESTAMP | |||
) | |||
AND ( | |||
object_id IS NULL OR object_id=r.id | |||
) | |||
) | |||
OR r.id IN ( | |||
SELECT resource_id FROM list.property WHERE EXISTS ( | |||
SELECT object_id FROM aa.role_grant WHERE ( | |||
group_id='escidoc:107001' OR group_id='escidoc:107006' | |||
) | |||
AND role_id='escidoc:107021' AND ( | |||
revocation_date IS NULL OR revocation_date>CURRENT_TIMESTAMP | |||
) | |||
AND ( | |||
object_id IS NULL OR object_id=r.id | |||
) | |||
) | |||
) | |||
) | |||
) | |||
) */ | |||
) | |||
) | |||
AND ( | |||
r.id IN ( | |||
SELECT resource_id FROM list.property WHERE local_path='/properties/context/id' AND value='escidoc:persistent3' | |||
) | |||
) | |||
LIMIT 1000 | |||
</pre> | |||
===Outcome=== | |||
*filters not discussed | |||
*Role creation | |||
**would make sense to create roles which are also valid for external services such as CoNE | |||
***external services would then have to make own PDP based on the rights provided with AA Roles and privileges | |||
***has to be thought properly, as also grants can be made on external objects | |||
***initial idea: external roles (tag a role with additional property), external grants (tag a grant with additional property) | |||
==batch update of resources== | |||
*discuss the possibilities | |||
**envisioned use case: | |||
***user browses many images and filters them e.g. by date of creation, part of the name (simple case: all images are released, therefore searchable) | |||
***user selects certain number of images e.g. 500 and wants to add them metadata "place=Paris" | |||
***quick update of images is there ... | |||
===outcome=== | |||
*Would be good to provide use cases and scenarios | |||
*Input after VidConf: [[Imeji]] | |||
==others== | |||
*eSciDoc-Colab Page setup | |||
*Alignment of tools and processes (e.g., Maven) | |||
*Improved and harmonized communication of eSciDoc | |||
*eSciDoc Blog | |||
*service names and classification | |||
*documentation of services | |||
*installation guides | |||
*eSciDoc Lab: Colab page gathering experimental modules | |||
*Exchange of staff members for specific developments or share development | |||
[[Category:ESciDoc_Developer|Committer Meeting 2010-05-11]] |
Latest revision as of 09:26, 11 August 2010
Date: 11.05.2010 Start time: 14:30
Location: Karlsruhe, München phone: +49-89-38602-223 VIdOc-ISDN: 08938602595
Participants MPDL: Natasa Bulatovic, Michael Franke
Participants FIZ: Dr. Michael Hoppe, Steffen Wagner, Matthias Razum, Harald Kappus
Previous committer meeting
Next committer meetings
Topics[edit]
next Meeting[edit]
- we can run a Comitter Meeeting on 2010-05-18
version history event[edit]
<escidocVersions:version xmlns:escidocVersions="http://www.escidoc.de/schemas/versionhistory/0.4" xmlns:xlink="http://www.w3.org/1999/xlink" objid="escidoc:ex5:1" timestamp="2007-11-15T08:36:52.453Z" xlink:href="/ir/item/escidoc:ex5:1" xlink:title="Version 1" xlink:type="simple"> <escidocVersions:version-number>1</escidocVersions:version-number> <escidocVersions:timestamp>2007-11-15T08:36:59.484Z</escidocVersions:timestamp> <escidocVersions:version-status>released</escidocVersions:version-status> <escidocVersions:valid-status>valid</escidocVersions:valid-status> <escidocVersions:comment>Status changed to released for Item escidoc:ex5.</escidocVersions:comment> <escidocVersions:events> <premis:event xmlns:premis="http://www.loc.gov/standards/premis/v1" xmlID="v1e1"> <premis:eventIdentifier> <premis:eventIdentifierType>URL</premis:eventIdentifierType> <premis:eventIdentifierValue>/ir/item/version-history#v1e1</premis:eventIdentifierValue> </premis:eventIdentifier> <premis:eventType>http://purl.org/escidoc/infrastructure/event-type/release</premis:eventType> <premis:eventDateTime>2007-11-15T08:36:59.484Z</premis:eventDateTime> <premis:eventDetail>Status changed to released for Item escidoc:ex5.</premis:eventDetail> <premis:linkingAgentIdentifier xlink:href="/aa/user-account/escidoc:exuser1" xlink:title="System Administrator User" xlink:type="simple"> <premis:linkingAgentIdentifierType>http://escidoc.org/identifier-types/user</premis:linkingAgentIdentifierType> <premis:linkingAgentIdentifierValue>escidoc:exuser1</premis:linkingAgentIdentifierValue> </premis:linkingAgentIdentifier> <premis:linkingObjectIdentifier> <premis:linkingObjectIdentifierType>http://escidoc.org/identifier-types/item</premis:linkingObjectIdentifierType> <premis:linkingObjectIdentifierValue>escidoc:ex5</premis:linkingObjectIdentifierValue> </premis:linkingObjectIdentifier> </premis:event> </escidocVersions:events> </escidocVersions:version>
Outcome[edit]
- not discussed, MPDL got out of Internet :)
- input after VidConf: see Talk:ESciDoc_Committer_Meeting_2010-05-11
create new role &issues with default filter conditions[edit]
- how to create a new role in the core-service with a policy that does not refer to the core service resources?
- e.g.
- created new policy with scope
<role:scope unlimited="false"> <role:scope-def resource-type="cone-service"/> </role:scope>
- first case: provided very dummy policy that applies to schema, however no login of any user was possible afterwards
- after deletion of all related data users could log-in
- second case: provided policy with action to retrieve contexts only
- granted this role to the user
- when filtering for items - situation is changed -> rules which apply to default user are not simply applied, they are extended and user gets much more items then actually needed
- the user to which this role is assigned is member of 2 user groups (with no privileges at all)
- the following query in filters is applied (note: commented out part is most probably problematic)
- with uncommented part user gets ca.2947 items (as it only checks for existence of privilege basically)
- with commented part user gets ca.391 items
- when filtering for items - situation is changed -> rules which apply to default user are not simply applied, they are extended and user gets much more items then actually needed
- first case: provided very dummy policy that applies to schema, however no login of any user was possible afterwards
SELECT r.id FROM list.item r WHERE ( ( ( ( ( r.id IN ( SELECT resource_id FROM list.property WHERE local_path='/properties/version/status' AND value='released' ) ) ) ) /* OR ( ( r.id IN ( SELECT resource_id FROM list.property WHERE EXISTS ( SELECT object_id FROM aa.role_grant WHERE user_id='escidoc:102002' AND role_id='escidoc:107021' AND ( revocation_date IS NULL OR revocation_date>CURRENT_TIMESTAMP ) AND ( object_id IS NULL OR object_id=r.id ) ) OR r.id IN ( SELECT resource_id FROM list.property WHERE EXISTS ( SELECT object_id FROM aa.role_grant WHERE ( group_id='escidoc:107001' OR group_id='escidoc:107006' ) AND role_id='escidoc:107021' AND ( revocation_date IS NULL OR revocation_date>CURRENT_TIMESTAMP ) AND ( object_id IS NULL OR object_id=r.id ) ) ) ) ) ) */ ) ) AND ( r.id IN ( SELECT resource_id FROM list.property WHERE local_path='/properties/context/id' AND value='escidoc:persistent3' ) ) LIMIT 1000
Outcome[edit]
- filters not discussed
- Role creation
- would make sense to create roles which are also valid for external services such as CoNE
- external services would then have to make own PDP based on the rights provided with AA Roles and privileges
- has to be thought properly, as also grants can be made on external objects
- initial idea: external roles (tag a role with additional property), external grants (tag a grant with additional property)
- would make sense to create roles which are also valid for external services such as CoNE
batch update of resources[edit]
- discuss the possibilities
- envisioned use case:
- user browses many images and filters them e.g. by date of creation, part of the name (simple case: all images are released, therefore searchable)
- user selects certain number of images e.g. 500 and wants to add them metadata "place=Paris"
- quick update of images is there ...
- envisioned use case:
outcome[edit]
- Would be good to provide use cases and scenarios
- Input after VidConf: Imeji
others[edit]
- eSciDoc-Colab Page setup
- Alignment of tools and processes (e.g., Maven)
- Improved and harmonized communication of eSciDoc
- eSciDoc Blog
- service names and classification
- documentation of services
- installation guides
- eSciDoc Lab: Colab page gathering experimental modules
- Exchange of staff members for specific developments or share development