[AG-TECH] sever, roles & actions

[Thomas D. Uram]

Hello Rosario:

A complete security policy would, as you say, employ an encrypted
Venue and some changes to the roles/actions for a Venue.  We have,
unfortunately, not clarified the changes that must be made to the
actions list to prevent entry or access to critical data.

Rather than do that, though, I'd recommend this:

- Add the users you want to allow into the Venue to the AllowedEntry
role.  This will allow these users into the Venue, and allow them to
perform the actions that are, by default, allowed to venue users.

- Unauthorize all actions for the Everybody role.  For a secure Venue,
you don't need to allow random people to perform any actions whatsoever.

If you want to make the Venue publicly accessible again later, you can
again authorize the set of actions for the Everybody role.

If you have more questions, please don't hesitate to ask.

Tom Uram


On 2/15/06 7:12 AM, Rosario Lombardo wrote:
> Hello everybody,
> in order to enforce a security policy for a Virtual Venue Server are 
> required encrypted Venues and a some control over Actions and Roles 
> (maybe something else?).
> 
> - Specifically, which set of actions (dis/)allow uploading and deleting 
> files, starting/deleting SharedApp sessions, and similar simple tasks?
> 
> - More generally speaking, which set of actions are involved in a less 
> simpler security policy dealing with various authorization classes (Roles)?
> 
> I had a look at the docs, API, and also to AGEP-0105.txt draft, but I 
> can't find any single description of the dozens of actions, differently 
> grouped in Server Security and Venue Security tabs.
> 
> Thanks,
> \\Rosario
> 
> -- 
> 
> Rosario Lombardo
> Information Science and Technology Institute (ISTI) - Cnr, Italy
> rosario.lombardo at isti.cnr.it 
> <mailto:rosario.lombardo at isti.cnr.it>   *-*   http://hpc.isti.cnr.it/~lombardo 
> <http://hpc.isti.cnr.it/%7Elombardo>
> phone: +39 050-315-3076