[eml-cvs] eml eml.xsd

Matt Jones jones at nceas.ucsb.edu
Fri Jun 25 08:18:30 PDT 2004


Hi Peter,

Peter McCartney wrote:
[snip]
> while we're on the subject, the problems we have with eml access is that
> it does not allow us to reference multiple systems when listing the
> various principles that have access to the data. we validate against two
> separate authorities, but are forced to map both to a single user
> directory so that we can reference groups as the principles (dont even
> think about telling me i shouldnt be using groups!!). so moving the
> system attribute to the prniciple would be a MUCH higher priority for
> us.

We've always intended that 'principal' could be a user or a group or 
other kind of role based access.  That's why its called principal rather 
than user.  Because 'allow' and 'deny' each allow multiply nested 
'principal' fields, we might consider putting authSystem on allow and 
deny rather than principal, as it would cut down on the number of times 
you'd have to list it.  But it has the disadvantage of being less 
directly tied to the principal.  Either way, I agree it would be good to 
include the ability for principals to be drawn from more than one 
authSystem.

Matt
-- 
-------------------------------------------------------------------
Matt Jones                                     jones at nceas.ucsb.edu
http://www.nceas.ucsb.edu/    Fax: 425-920-2439    Ph: 907-789-0496
National Center for Ecological Analysis and Synthesis (NCEAS)
University of California Santa Barbara
Interested in ecological informatics? http://www.ecoinformatics.org
-------------------------------------------------------------------



More information about the Eml-dev mailing list