[Building Sakai] Security Service

Mame-Awa Diop mame-awa.diop at hec.ca
Fri Feb 19 13:02:20 PST 2010 

Hi David,

Here is a quick description of our problem: at HEC Montréal, we have 
implemented the OpenSyllabus 
<http://confluence.sakaiproject.org/display/OSYL/OpenSyllabus+Home>tool 
to create and publish course outlines among other things. One of the 
characteristics of  our course outlines is that they can be hierarchical 
(content sharing) . This means a course outline can inherit parts of its 
content from other course outlines.

In the XML representing the course outline, we reference resources of 
the Resources tool.

A security problem arises when the content inherited in the course 
outline (site A)  contains a reference to a resource in the parent 
course outline (site B). The member of the course outline (site A) will 
get a 403 error when he tries to access to this resource.

Until now I have seen 2 ways to solve the problem:

    * Add the users of the course outline to the parent site with the
      content.read permission: with this I need to do a lot a
      synchronization.
    * Extend the SecurityService to tell if to site are related by
      course outlines, the member of the child site have special access
      to the resources of the parent site: I don't know how to extend or
      implement the SecurityService.

I hope it is clear, any suggestions or possibilities to extend the 
kernel to accommodate us would be appreciated and we would be glad to help.

-- 

Mame Awa Diop
HEC Montréal
3000, chemin de la côte-Sainte-Catherine
Montréal  (Québec)   H3T 2A7



-------- Message original --------
Sujet : Re: [Building Sakai] Security Service
De : David Horwitz <david.horwitz at uct.ac.za>
Pour : sakai-dev at collab.sakaiproject.org
Date : 2010-02-19 15:17
> Hi Awa,
>
> Maybe you could share with us what you need to do, possibly so we can 
> include it in a future kernel release?
>
> Regards
>
> David
>
> On 02/19/2010 10:15 PM, Mame-Awa Diop wrote:
>> Hi Lance,
>>
>> I tried the SiteAdvisors but they are not working for what I want to 
>> do. I would help if the Indina guys how they proceeded to change 
>> their SecurityService, I hope will respond to this mail.
>>
>> -- 
>>
>> Mame Awa Diop
>> HEC Montréal
>> 3000, chemin de la côte-Sainte-Catherine
>> Montréal  (Québec)   H3T 2A7
>>   
>>
>>
>> -------- Message original --------
>> Sujet : Re: [Building Sakai] Security Service
>> De : Speelmon, Lance Day <lance at indiana.edu>
>> Pour : mame-awa.diop at hec.ca <mame-awa.diop at hec.ca>
>> Copie à : sakai-dev <sakai-dev at collab.sakaiproject.org>
>> Date : 2010-02-19 15:05
>>> I know Indiana uses a slightly modified SecurityService which 
>>> consults with an external system.  You might also take a look at 
>>> SecurityAdvisors as an alternative.  L
>>> *
>>>
>>> *
>>> *Lance Speelmon*
>>> Scholarly Technologist
>>>
>>> On Feb 19, 2010, at 12:23 PM, Mame-Awa Diop wrote:
>>>
>>>> Hello everybody,
>>>>
>>>> I was wondering to implement its own SecurityService. The code is 
>>>> in the kernel and I suppose we are not supposed to modify it but 
>>>> our need is omportant. I am particularly interested in modifying 
>>>> the unlock method  for the Resources. I would appreciate it if you 
>>>> could tell me if it is  possible and how to procede.
>>>>
>>>> Thanks
>>>>
>>>> Awa,
>>>> -- 
>>>>
>>>> Mame Awa Diop
>>>> HEC Montréal
>>>> 3000, chemin de la côte-Sainte-Catherine
>>>> Montréal  (Québec)   H3T 2A7
>>>>
>>>>     
>>>> _______________________________________________
>>>> sakai-dev mailing list
>>>> sakai-dev at collab.sakaiproject.org 
>>>> <mailto:sakai-dev at collab.sakaiproject.org>
>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>>
>>>> TO UNSUBSCRIBE: send email to 
>>>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of 
>>>> "unsubscribe"
>>>
>>
>>
>> _______________________________________________
>> sakai-dev mailing list
>> sakai-dev at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>
>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
> ------------------------------------------------------------------------
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20100219/6eaec521/attachment.html

More information about the sakai-dev mailing list