Uploaded image for project: 'OASIS OSLC Lifecycle Integration Core (OSLC Core) TC'
  1. OASIS OSLC Lifecycle Integration Core (OSLC Core) TC
  2. OSLCCORE-68

Extend access context to support notion of delegation

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: TRS
    • Labels:
    • Proposal:
      Hide

      Proposal - Provide delegated access control
      • Add a new property acc:type=acc:delegated to identify that the accessContext should be read from another resource, using the acc:accessContext value.

      Clients SHOULD detect infinite delegation loops. To reduce the cost of client processing, servers SHOULD NOT use more than 5 levels of delegation for a given access context.

      Example:

      Some work items are assigned to iteration 30, which is being managed by team A. I want an easy way to be able to change that team assignment from team A to team B, so I do not want to embed the team access context in every work item.

      <https://a.example.com/defect/2314> acc:accessContext <https://a.example.com/access/context12345> .
      <https://a.example.com/defect/5678> acc:accessContext <https://a.example.com/access/context12345> .

      <https://a.example.com/access/context12345>
      a acc:AccessContext ;
      dcterms:title "Iteration 30 access context" ;
      dcterms:description "This is the access context for work items for iteration 30; it delegates to the access context for the team currently responsible for that iteration." ;
      acc:type acc:delegated ;
      acc:accessContext <https://a.example.com/access/context56789> .

      <https://a.example.com/access/context56789>
      a acc:AccessContext ;
      dcterms:title "Team B access context" ;
      dcterms:description "This is the access context for the team for team B; various iterations delegate to me." .

      Show
      Proposal - Provide delegated access control • Add a new property acc:type=acc:delegated to identify that the accessContext should be read from another resource, using the acc:accessContext value. Clients SHOULD detect infinite delegation loops. To reduce the cost of client processing, servers SHOULD NOT use more than 5 levels of delegation for a given access context. Example: Some work items are assigned to iteration 30, which is being managed by team A. I want an easy way to be able to change that team assignment from team A to team B, so I do not want to embed the team access context in every work item. < https://a.example.com/defect/2314 > acc:accessContext < https://a.example.com/access/context12345 > . < https://a.example.com/defect/5678 > acc:accessContext < https://a.example.com/access/context12345 > . < https://a.example.com/access/context12345 > a acc:AccessContext ; dcterms:title "Iteration 30 access context" ; dcterms:description "This is the access context for work items for iteration 30; it delegates to the access context for the team currently responsible for that iteration." ; acc:type acc:delegated ; acc:accessContext < https://a.example.com/access/context56789 > . < https://a.example.com/access/context56789 > a acc:AccessContext ; dcterms:title "Team B access context" ; dcterms:description "This is the access context for the team for team B; various iterations delegate to me." .

      Description

      There are examples of scenarios where the access context of a large number of resources is affected by an external change. For example, in a task tracking system, you might need to update the access for a large number of tasks if the work is reassigned to a different release, or to a different team.

        Attachments

          Activity

            People

            • Assignee:
              jamsden James Amsden
              Reporter:
              ndjc Nick Crossley
            • Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: