[RUS-WG] RBAC use case

Xiaoyu Chen Xiaoyu.Chen at brunel.ac.uk
Fri Apr 6 01:42:57 CDT 2007


hello, RUS charters and everyone:
 
There is a very interesting (but problematic) use case for access control over RUS::modifyUsageRecords.

For a user who takes the role of both VO manager and Resource Manager, it is possible for the user to update VO information and resource information (urf:ProjectName) in a single XUpdate expression, as follows:
 
<?xml version="1.0" ?>
<xupdate:modifications version="1.0" xmlns:xupdate="http://www.xmldb.org/xupdate" xmlns:urf="http://schema.ogf.org/urf/2003/09/urf">
    <xupdate:update select="/urf:UsageRecord/urf:Resource[@urf:description='VOName']">
    CMS
    </xupdate:update>
    <xupdate:update select="/urf:UsageRecord/urf:ProjectName">
    analysis
    </xupdate:update>
</xupdate:modifications>
 
ps: this XUpdate statement has been tested successfully on the new eXist core.
 
 
This statement is a valid XUpdate expression, but it results in a problem for RUS access control. Theoretically this update operation should succeed for the user, but it involves 2 active roles at runtime, and each of these two active roles should be used for one "sub-update" statement. How does the RUS access control deal with this situation? No single-role security policy can guarantee the success of this update, except by applying each role's policy to each <update> statement. So this use case indicates two problems with the existing RUS specifications:

* The RUS modification interface requires to be refined to avoid this situation?
* The RUS access control model requires more flexible and advanced features to satisfy multi-active roles and an intelligent role selection mechanism. Should this be clarified in the RUS specification?

What do you think?
 
       Cheers!
       
 
School of Engineering and Design
Mobile: ++44(0)7871876894
X. Chen
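The per-sub-update policy check described in the post, as an added example that is not part of the original message or of any RUS implementation: it splits the XUpdate document into its xupdate:update children and requires that every select path be granted by at least one of the caller's active roles. The role names, the ROLE_POLICY table and the exact-string matching of select paths are assumptions for illustration; a real RUS would match by XPath semantics.

```python
import xml.etree.ElementTree as ET

XUPDATE_NS = "http://www.xmldb.org/xupdate"

# Hypothetical per-role policy: the select paths each role is allowed to update.
ROLE_POLICY = {
    "VOManager": {"/urf:UsageRecord/urf:Resource[@urf:description='VOName']"},
    "ResourceManager": {"/urf:UsageRecord/urf:ProjectName"},
}

# Constructed sample: the two-role XUpdate from the post.
SAMPLE_XUPDATE = """<?xml version="1.0" ?>
<xupdate:modifications version="1.0" xmlns:xupdate="http://www.xmldb.org/xupdate"
    xmlns:urf="http://schema.ogf.org/urf/2003/09/urf">
  <xupdate:update select="/urf:UsageRecord/urf:Resource[@urf:description='VOName']">
  CMS
  </xupdate:update>
  <xupdate:update select="/urf:UsageRecord/urf:ProjectName">
  analysis
  </xupdate:update>
</xupdate:modifications>"""


def split_updates(xupdate_xml):
    """Return the select path of every xupdate:update element, in document order."""
    root = ET.fromstring(xupdate_xml)
    return [el.get("select") for el in root.iter(f"{{{XUPDATE_NS}}}update")]


def authorise(xupdate_xml, active_roles):
    """Decide the whole modification: allowed only if each sub-update is covered.

    Returns (allowed, decisions) where decisions lists (select, granting_role);
    granting_role is None for a sub-update no active role may perform, so the
    caller can report exactly which part of the XUpdate was refused.
    """
    decisions = []
    for select in split_updates(xupdate_xml):
        granting = [r for r in active_roles if select in ROLE_POLICY.get(r, ())]
        decisions.append((select, granting[0] if granting else None))
    allowed = all(role is not None for _, role in decisions)
    return allowed, decisions


if __name__ == "__main__":
    for roles in (["VOManager", "ResourceManager"], ["VOManager"]):
        print(roles, authorise(SAMPLE_XUPDATE, roles))
```

With both roles active the modification is allowed and each sub-update is attributed to a different role; with only VOManager active the ProjectName sub-update is refused and the whole modification is denied.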