[eml-cvs] eml eml.xsd
Matt Jones
jones at nceas.ucsb.edu
Fri Jun 25 08:18:30 PDT 2004
Hi Peter,
Peter McCartney wrote:
[snip]
> while we're on the subject, the problems we have with eml access is that
> it does not allow us to reference multiple systems when listing the
> various principles that have access to the data. we validate against two
> separate authorities, but are forced to map both to a single user
> directory so that we can reference groups as the principles (dont even
> think about telling me i shouldnt be using groups!!). so moving the
> system attribute to the prniciple would be a MUCH higher priority for
> us.
We've always intended that 'principal' could be a user or a group or
other kind of role based access. That's why its called principal rather
than user. Because 'allow' and 'deny' each allow multiply nested
'principal' fields, we might consider putting authSystem on allow and
deny rather than principal, as it would cut down on the number of times
you'd have to list it. But it has the disadvantage of being less
directly tied to the principal. Either way, I agree it would be good to
include the ability for principals to be drawn from more than one
authSystem.
Matt
--
-------------------------------------------------------------------
Matt Jones jones at nceas.ucsb.edu
http://www.nceas.ucsb.edu/ Fax: 425-920-2439 Ph: 907-789-0496
National Center for Ecological Analysis and Synthesis (NCEAS)
University of California Santa Barbara
Interested in ecological informatics? http://www.ecoinformatics.org
-------------------------------------------------------------------
More information about the Eml-dev
mailing list