[cap-talk] User interface discussion, role based geometry editing

Jed Donnelley jed at nersc.gov
Tue Feb 26 15:28:45 EST 2008 

On 2/26/2008 8:19 AM, John Carlson wrote:
> On Feb 25, 2008, at 9:56 PM, Jed Donnelley wrote:
> 
>> At 09:04 PM 2/25/2008, John Carlson wrote:
>>> What is cap-talk's reaction to the use of roles when using a
>>> collaborative geometry based application?  See:
>>>
>>> http://scitation.aip.org/getabs/servlet/GetabsServlet?prog=normal&id=JCISB6000006000001000002000001&idtype=cvips&gifs=yes
>>> If this has been done for capabilities, can someone point me at it?
>> Sorry, what is the "this" in the above?  Role-based access control?
> ...
> Of course I'm not asking if RBAC has been done with capabilities.

Ah.  That wasn't clear to me.  Since the subject of the message
was "*role* based geometry editing" and in the above you said
"What is cap-talk's reaction to the use of *roles* when using a
collaborative geometry based application?"

> I'm asking if a collaborative geometry (CAD/Animation) application has  
> been done with capabilities.  Say you're an engineering firm working  
> on a complex project, and you want to distribute work to different  
> firms, yet maintain as much control as possible of your project  
> (perhaps by distributing images of the high level objects instead of  
> the actual models).  Or say you're a movie production studio, and you  
> want to distribute animation to several firms, but you don't want to  
> give away the plot of the movie.  Or say you're an architectural firm,  
> and you want to grant the ability for an interior design firm to  
> populate the interior of your building without changing the structure.
> 
> Are these situations that neither role based nor capability security  
> has a good answer for?

I believe they are situations where both capability access control
(the ability to delegate access in a message) and role based controls
(access controls based on "who" has access and what their role is)
are applicable and would be helpful.  My 'vision' of capabilities
with an underlying Horton policy that includes roles seems to me to
fit perfectly, though that's not surprising.  I was just noting
that I don't believe there are any implementations available along
those lines.

--Jed  http://www.webstart.com/jed/

More information about the cap-talk mailing list