Ticket #790 (closed issue: fixed)

Opened 12 years ago

Last modified 12 years ago

[M] Security schema

Reported by: lawrence Owned by: ko23
Priority: critical Milestone: PROD Step2
Component: discovery Version:
Keywords: Cc:

Description (last modified by ko23) (diff)

The security component of the security has been removed from MOLES in 1.3.

1) I think it would be better to call this 1.4 now 2) It would be better that the new namespace is

ndg.nerc.ac.uk/security rather than moles/security

3) Would it not be better that the new import was from the foehn version rather than a local copy (easier for the rest of us to work with)?

Change History

comment:1 Changed 12 years ago by domlowe

I was expecting to see something like an "accessControlPolicyType" in the security schema, so all that's left in MOLES/CSML schema would be a one line reference something like:

<xs:element name="accessControlPolicy" type="ndgsec:accessControlPolicyType" minOccurs="0"/>

Rather than just pulling out the dgSecurityCondition. Otherwise we still duplicate all the below in MOLES & CSML:

<xs:element name="accessControlPolicy" minOccurs="0">

<xs:complexType>

<xs:choice>

<xs:element name="accessControlPolicyURL" type="xs:anyURI"/> <xs:element name="accessControlPolicyText" type="xs:string"/> <xs:element ref="molessec:dgSecurityCondition" maxOccurs="unbounded"/>

</xs:choice>

</xs:complexType>

</xs:element>

comment:2 Changed 12 years ago by ko23

  • Description modified (diff)

To address Dom's comment:

Ah, you want the higher level element as well. In MOLES, there's security on the metadata as well as the data, but there's no need for policies 'cos if you're not allowed to see the metadata then you can't see the attached policies (""He that would keep a secret must keep it secret that he hath a secret to keep." :-). I've added "accessControlPolicyType" to moles_security1.01, which has been uploaded to the svn.

To address Brian's comments:

1) Hmmmm... given that there no functional difference, I'd have thought that a new version number would imply different functionality: split the difference?

2) Re namespace: I asked for comments from directly concerned parties last week and received no objections. I don't want to have to go through the testing process again until a later version. Not a big issue I'd have thought.

3) foehn? Is it accessible to BODC, NOCS, and PML? Seriously, there'll be a task for Sue when this is all tested to put the schemae up on ndg.nerc.ac.uk which will give everyone a network accessible schemaLocation.

comment:3 Changed 12 years ago by ko23

  • Status changed from new to closed
  • Resolution set to fixed

No more comments or feedback, so I assume it's OK

Note: See TracTickets for help on using tickets.