[AG-TECH] sever, roles & actions
Rosario Lombardo
rosario.lombardo at isti.cnr.it
Thu Feb 16 03:40:39 CST 2006
Thanks Tom!
Now my problem is that after playing with those fancy actions... some
people cannot anymore upload and/or start Shared Presentations...
unless I grant everything to everybody: not that fair.
Should I just copy from a clean server install the VenueServer.(cfg|dat)
files?
Could it be possible to tweak or reset, somehow, the config using the
AGTk tools and infrastructure?
\\Rosario
Thomas D. Uram wrote:
>
> Hello Rosario:
>
> A complete security policy would, as you say, employ an encrypted
> Venue and some changes to the roles/actions for a Venue. We have,
> unfortunately, not clarified the changes that must be made to the
> actions list to prevent entry or access to critical data.
>
> Rather than do that, though, I'd recommend this:
>
> - Add the users you want to allow into the Venue to the AllowedEntry
> role. This will allow these users into the Venue, and allow them to
> perform the actions that are, by default, allowed to venue users.
>
> - Unauthorize all actions for the Everybody role. For a secure Venue,
> you don't need to allow random people to perform any actions whatsoever.
>
> If you want to make the Venue publicly accessible again later, you can
> again authorize the set of actions for the Everybody role.
>
> If you have more questions, please don't hesitate to ask.
>
> Tom Uram
>
>
> On 2/15/06 7:12 AM, Rosario Lombardo wrote:
>> Hello everybody,
>> in order to enforce a security policy for a Virtual Venue Server are
>> required encrypted Venues and a some control over Actions and Roles
>> (maybe something else?).
>>
>> - Specifically, which set of actions (dis/)allow uploading and
>> deleting files, starting/deleting SharedApp sessions, and similar
>> simple tasks?
>>
>> - More generally speaking, which set of actions are involved in a
>> less simpler security policy dealing with various authorization
>> classes (Roles)?
>>
>> I had a look at the docs, API, and also to AGEP-0105.txt draft, but I
>> can't find any single description of the dozens of actions,
>> differently grouped in Server Security and Venue Security tabs.
>>
>> Thanks,
>> \\Rosario
>>
>> --
>>
>> Rosario Lombardo
>> Information Science and Technology Institute (ISTI) - Cnr, Italy
>> rosario.lombardo at isti.cnr.it <mailto:rosario.lombardo at isti.cnr.it>
>> *-* http://hpc.isti.cnr.it/~lombardo
>> <http://hpc.isti.cnr.it/%7Elombardo>
>> phone: +39 050-315-3076
>
More information about the ag-tech
mailing list