Comment: Corrected links that should have been relative instead of absolute.

Monday:



perMIT

Data Tables

"Qualifier modifies the scope within an A-spec."

...

URL to show some of the rules. Jim will send or put in wiki.

Tuesday:



perMIT:

Qualifiers vs. Object

Qualifiers belong to a hierarchy

Subject | Function | qualifier
Subject | Verb     | object
Who     | What     | where


Should perMIT add a second optional qualifier? (4 columns)

perMIT - Tuesday afternoon

Master Dept. Hierarchy

https://mv-ezproxy-com.ezproxy.canberra.edu.au/mdept/

If Jim were redoing the qualifier hierarchy section of Roles, he would implement it more like the master dept. hierarchy. That allows for multiple types in a single hierarchy. It also means that certain objects don't need to be duplicated.

Should perMIT do this? We could put in the tables and columns, but have them default to the way that we have qualifiers implemented today.

Bigger meeting topic: should we change the data model of the qualifiers so that a single object can exist in two hierarchies?

Allows for some very sophisticated reporting, but we need to think through the UI issues of creating the qualifiers.

Here's an object. What views do you want it to appear in? What are the parents and children in each of the views?
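
A sketch of the data model question above, added here as an illustration and not taken from perMIT or Roles: each qualifier is stored once, parent/child links are kept per view, and an authorization check has to name the view it is evaluated in. All class, function, view and qualifier names are hypothetical, and the sample data is constructed.

```python
# Added illustration; all names below are hypothetical, not perMIT's schema.
class QualifierStore:
    """Each qualifier is stored once; parent links are kept per view."""

    def __init__(self):
        self.qtype = {}      # qualifier code -> qualifier type
        self.parents = {}    # (view, child code) -> set of parent codes

    def add(self, code, qtype):
        self.qtype[code] = qtype

    def link(self, view, parent, child):
        for code in (parent, child):
            if code not in self.qtype:
                raise KeyError(f"unknown qualifier {code!r}")
        # Reject links that would make the view cyclic.
        if parent == child or child in self.ancestors(view, parent):
            raise ValueError(f"{parent} -> {child} creates a cycle in {view}")
        self.parents.setdefault((view, child), set()).add(parent)

    def ancestors(self, view, code):
        # Walk upward through the parent links of one view only.
        seen, stack = set(), [code]
        while stack:
            for p in self.parents.get((view, stack.pop()), ()):
                if p not in seen:
                    seen.add(p)
                    stack.append(p)
        return seen


def is_authorized(store, grants, subject, function, target, view):
    """A grant on a qualifier covers its descendants, but only within `view`."""
    scope = store.ancestors(view, target) | {target}
    return any((subject, function, q) in grants for q in scope)


def build_sample():
    # Constructed sample data: LAB_1 exists once and sits in two hierarchies.
    store = QualifierStore()
    for code, qtype in [("ORG_ENG", "DEPT"), ("FC_100", "FUND_CENTER"), ("LAB_1", "LAB")]:
        store.add(code, qtype)
    store.link("HR", "ORG_ENG", "LAB_1")
    store.link("FINANCE", "FC_100", "LAB_1")
    grants = {("alice", "APPROVE_REQ", "FC_100"), ("bob", "VIEW_STAFF", "ORG_ENG")}
    return store, grants
```

Because the same object has different ancestors in each view, a grant made against the finance hierarchy does not carry over when the check is run against the HR hierarchy.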

Friday: revisiting the DB schema. How to restructure the qualifiers

Wednesday:

perMIT daily:
Waiting to hear back from Peter Maloof.
SQuirreL SQL installed and able to access troles.

Perl scripts to pull out stored procedures:

  • Need Perl modules: DBI and Oraperl

Jim out on Thursday, back in on Friday.

1 hour meeting on Friday to start writing more verbose use cases.

Friday:

PACMANN call:

  • Discussion about spoc-p
  • Lief and Roland: ontologies and semantic web

Permission

Privileges

Claim

Assertion

Attribute

Entitlement

Authorization

Roles

Rule

Provision

Delegation

Designation

Fulfillment

Authority

Eligibility

Approval

Approver

Grantee

Grantor

Federation

Hierarchy

Group

ACL (access control list)

Access?


XACML diagrams

Ontology

AI:

Klara and Rob - survey results

Still in process

-talking with our auditors

Can we get a letter from MIT auditors that say they are happy with MIT Roles?

perMIT use cases:

Show changes to authorizations for a person

  • Show recent change

Show changes made by a person

Given a function and qualifier, show the history of the changes to who had access (5)

This assumes the qualifier is stable. If the qualifier has moved (e.g. from one fund center to another) then we don't track enough historical information to generate this report for those situations.

Note: mergers and acquisitions probably cause the most disruption in qualifiers. HR hierarchy, finance, ...

Users whose directory information has changed (in a given time period)

Might have moved from one department to another

Status change (employee became student, ...)

Users that departed

Note: this report is really based on system(s) external to perMIT. perMIT doesn't necessarily have all of this data about people.

Note: discussion about the constraints within Roles that require that the SUBJECT be known to the system before A-spec data entry can be performed.

Hmm, should perMIT be LDAP enabled in order to lookup people?

Does the sample data contain some sample HR data from an external system?

Pick a category and a qualifier type.

Display the functions related to the qualifier and the people that have those functions and qualifiers.

(qualauth.pl?category=HR&qulatype=ORG2&...)

Pick by Category & DLC:

Shows each of the hierarchies with each of the applicable Functions, and how many people have each authorization assigned.

Dlc-auth-all.pl:

Pick by category and DLC

Can display a number of options

One-step lookup of requisitioner and approval authorizations (specific use case of use case 5)

Pivot view into hierarchies:

Note: the metadata about a qualifier does not exist in Roles. The current CGI code knows how to pick this up from the MIT DW (in some cases).

Should there be some web service interfaces so that other customers can then create the other end of the web service? Once done, you can create some rich reports very easily.

Quarterly metrics reports

Data feeds:

Parameters that limit changes made by data feeds