WebAC: Sprint2 Planning

[Andrew Woods]

Hello WebAC Stakeholders,

As you know, we held a planning meeting [1] today to discuss the details of the second WebAC sprint. The plan is as follows:

- Sprint dates: Oct 26 to Nov 6

- Sprint objectives:

** Address items that were not resolved in Sprint 1 (details in meeting minutes [1])

** Address items raised in stakeholder verification

The reason the second sprint is later than initially planned is to provide time for stakeholders to experiment with the current implementation and provide feedback. In order to facilitate stakeholder verification, we will:

1) Create a Vagrant installation with the WebAC feature enabled, and

2) Create a script that populates an initial tree of resources and associated WebAC ACLs.

Ideally, the script in #2 will create a structure that mirrors stakeholder use cases. We would like to have #1 and #2 above available for stakeholder/community verification by the week of Sept 28th.

** STAKEHOLDER ACTIONS **

a) Please review the "Phase 1 Use Cases" documented on the wiki [2]. If there are use cases that are not mentioned, please add them to that page. The list of use cases you would like to verify should be complete by Friday of next week (9/25) in order to have the verification support scripts ready the following week.

b) Please plan on performing verification testing during the first two weeks of Oct, to be followed by a meeting to discuss results and feedback.

Regards,

Andrew

[1] https://wiki.duraspace.org/display/FF/2015-09-16+-+WebAccessControl+Authorization+Delegate+Planning+Meeting

[2] https://wiki.duraspace.org/display/FF/Design+-+WebAccessControl+Authorization+Delegate#Design-WebAccessControlAuthorizationDelegate-Phase1

[Joshua Westgard]

Dear Fedora Community:

I would like to call attention to a discussion on the fedora-tech list about a proposed change/addition to the PCDM regarding the transitivity of membership:

https://groups.google.com/forum/#!topic/fedora-tech/gEEfQ4-ctUE

In particular it would be good to have a discussion of whether this has any implications for the current WebAC development.  I'm explicitly *not* suggesting that these considerations should muddy the waters of how the testing of the phase one is done.  For the sake of clarity, I would argue that such testing should be restricted to determining whether the current implementation meets the use cases in the proposal and design documents. [1]  Such considerations might, however, inform how we think about the planning of the next sprint.

Josh

[1] https://wiki.duraspace.org/display/FEDORA4x/WebAC+Authorization+Delegate and

https://wiki.duraspace.org/display/FF/Design+-+WebAccessControl+Authorization+Delegate#Design-WebAccessControlAuthorizationDelegate-Phase1

[Aaron Coburn]

Hello Josh,

This proposed change to PCDM will not affect the WebAC authorization module. The WebAC module, as it is currently implemented, uses the LDP notion of direct containment (ldp:contains) when making certain kinds of authorization decisions, but it does not know anything about PCDM (nor should it, I would argue).

Thus, any changes to the PCDM notion of membership (whether transitive or not) will have no effect on the WebAC effort currently underway. That said, I am all in favor of testing and considering the code from various angles; if I am missing something in how PCDM might or might not affect how WebAC is envisioned to work, let's certainly discuss that!

Regards,
Aaron

> --
> You received this message because you are subscribed to the Google Groups "Fedora Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to fedora-communi...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Joshua Westgard]

Thanks, Aaron.  I agree WebAC (and Fedora itself for that matter) should know nothing about PCDM.  Your answer is exactly what I was hoping the answer would be!

Josh

[Andrew Woods]

Hello WebAC Stakeholders,
As a step towards making it simpler for you to verify the functionality implemented in the first WebAC sprint, we have created a Vagrant box that has WebAC configured by default.
https://github.com/fcrepo4-exts/fcrepo4-vagrant/releases/tag/fcrepo4-vagrant-4.3.1-SNAPSHOT-dcfug-2015-09

We are in the process of scripting the creation of example resources and the ACLs that protect them, reflecting the use cases defined here:
https://wiki.duraspace.org/display/FF/Design+-+WebAccessControl+Authorization+Delegate#Design-WebAccessControlAuthorizationDelegate-Phase1

Additional documentation to help create WebAC ACLs and Authorizations is on the wiki:
https://wiki.duraspace.org/display/FEDORA4x/WebAC+Authorization+Delegate

Please post any questions you have regarding either the existing functionality or the ACL creation process as soon as they arise so that we can be collecting feedback in advance of the second WebAC sprint that will begin on October 26th.

We will be providing the scripted resources/ACLs as soon as possible.

Regards,
Andrew

[Andrew Woods]

Hello WebAC Stakeholders,

As you know, the second WebAC sprint begins in less than two weeks (Oct 26). Two things need to happen before that date.

1) Stakeholders should verify their use cases against the first sprint's WebAC implementation. In order to facilitate that verification, 

- a Vagrant box [1] has been created with the WebAC module enabled, 

- administrator documentation [2] for working with WebAC has been posted, and

- a "how to" slide deck [3] is available.

Note: Although no scripted resources/ACLs will likely be provided at this point, please respond to this thread if you have any questions related to working with WebACs.

2) Stakeholders and developers should meet to discuss the feedback from the Stakeholder verification and to discuss the other requirements that target the Phase 1 WebAC implementation but where not completed during the first sprint. Due to upcoming travel, this meeting will need to take place in the latter part of this week or the early part of next. Please indicate your availability as soon as possible. I will send out the date/time of the meeting by close of business tomorrow.

http://doodle.com/poll/ruganihsire6g7r2

Regards,

Andrew

[1] https://github.com/fcrepo4-exts/fcrepo4-vagrant/releases/tag/fcrepo4-vagrant-4.3.1-SNAPSHOT-dcfug-2015-09

[2] https://wiki.duraspace.org/display/FEDORA4x/WebAC+Authorization+Delegate

[3] https://docs.google.com/presentation/d/1zHS2rwnujsXB92g0q5JmLQNBrW1LhP02CtkucwPeNcg/edit?usp=sharing

[Andrew Woods]

Hello All,

The next WebAC implementation planning meeting will be held this Friday (10/16) @3pm ET:

https://wiki.duraspace.org/display/FF/2015-10-16+-+WebAccessControl+Authorization+Delegate+Planning+Meeting

Dial-in:
- Dial-in Number: (712) 775-7035
- Participant Code: 479307#

We will be discussing:

- the feedback from Stakeholder testing of the sprint 1 implementation and 

- the other requirements to be addressed in sprint 2.

Anyone in the community who is interested in the WebAC feature is welcome to join the call.

Regards,

Andrew

[Andrew Woods]

Hello All,

On today's WebAC Planning call we:

- Proposed a plan for furthering the collection of Sprint-1 stakeholder feedback

- Reviewed the existing and additional Sprint-2 requirements, and

- Scheduled date/time of developers' Sprint-2 planning meeting.

Actions:

Asynchronously or on its own call, discuss:

- Exact F4 semantics of ACL modes: Read, Write, Append, Control, Update, Delete

** Page for discussion; https://wiki.duraspace.org/display/FF/Semantics+of+ACL+Modes

- Header-based delegation of authorized agent scenarios and concerns

Full minutes are posted on the wiki:

https://wiki.duraspace.org/display/FF/2015-10-16+-+WebAccessControl+Authorization+Delegate+Planning+Meeting

Regards,

Andrew