Access Rights According to CSA
Folks, health warning...long note:
Since I haven't formatted the XAPIA CSA document into an I-D like *.txt format,
here is the text from that document on access rights etc.
I don't know how this will format in an email message, so let me describe. This
is the AccessList abstract data type from the CSA specification. I keep quoting
scripture from it because it was defined as a consensus document from input
from Lotus, WordPerfect, Novell, Microsoft, DAC Associates, IBM, CE Software,
Campbell Services, Microsystems Software, Attachmate, Arabesque Software, and
SunSoft. It has been implemented in over four vendor products. Sorry for the
tendency to reuse. It's just good stuff, built on previous consensus.
The access list in the CSA is a linked list of a two-tuple of the calendar user
and a mask of access rights. This access list is defined on a calendar basis
for determining access privileges to the calendar container by a number of
external users. The highest access right is the rights equivalent to the
calendar owner. Remember these are the access rights given an external user.
The individual objects or entries in a calendar have classifications that match
the basic three levels made use of here (ie, PUBLIC, PRIVATE, and
CONFIDENTIAL). I think that this meets the requirements indicated in the notes
so far.
Here is the descriptive prose that describes a very good model for access
control (page 11-12, CSA):
The accessibility of a calendar to an individual user can be controlled by the
access rights given that user. Access rights are paired with a calendar user.
A calendar user can be an individual, group or resource. The access rights are
maintained in an access list. The access list is a particular calendar
attribute. The access rights are individually controlled and can be
accumulated to define a range of accessibility of a user to a calendar and its
entries. The access rights can also be specified in terms of one of three
access roles. These include the role of the owner of a calendar, the organizer
of a particular entry within the calendar, and the sponsor of a particular
entry within the calendar. The owner role permits the user to do anything to
the calendar or calendar entries that the owner of the calendar can do. This
includes deleting the calendar, viewing, inserting, and changing calendar
attributes, adding and deleting calendar entries, and viewing, inserting, and
changing entry attributes. The organizer role permits the user to delete the
entry or view and change entry attributes for those calendar entries which the
user is specified as the organizer. The organizer defaults to the calendar
user that created the entry. The sponsor role permits the user to delete the
entry or view and change entry attributes for those calendar entries which the
user is specified as the sponsor. The sponsor is the calendar user that
effectively owns the calendar event or todo. In addition to these roles, an
access right can be set to limit access to free time searches, view, insert or
change calendar attributes, or view, insert or change entries; dependent on their
classification as public, confidential, or private. The entry classification
acts as a secondary filter on accessibility.
Here is the definition of the access list abstract data type:
Access List
NAME
Access List - type definition for a list of access rights data value.
C DECLARATION
typedef struct CSA_TAG_ACCESS_RIGHTS {
    CSA_calendar_user *user;
    CSA_flags rights;
    struct CSA_TAG_ACCESS_RIGHTS *next;
} CSA_access_rights, *CSA_access_list;
DESCRIPTION
A data value of this data type is used to define the access rights for a list
of calendar users. An access list is a list of access rights data structures.
The access rights structure consists of the following components:
1. user - Identifies the calendar user associated with this access entry.
2. rights - Specifies the access rights for this user to this calendar. The
defined access rights include:
CSA_FREE_TIME_SEARCH
CSA_VIEW_PUBLIC_ENTRIES
CSA_VIEW_CONFIDENTIAL_ENTRIES
CSA_VIEW_PRIVATE_ENTRIES
CSA_INSERT_PUBLIC_ENTRIES
CSA_INSERT_CONFIDENTIAL_ENTRIES
CSA_INSERT_PRIVATE_ENTRIES
CSA_CHANGE_PUBLIC_ENTRIES
CSA_CHANGE_CONFIDENTIAL_ENTRIES
CSA_CHANGE_PRIVATE_ENTRIES
CSA_VIEW_CALENDAR_ATTRIBUTES
CSA_INSERT_CALENDAR_ATTRIBUTES
CSA_CHANGE_CALENDAR_ATTRIBUTES
CSA_ORGANIZER_RIGHTS
CSA_SPONSOR_RIGHTS
CSA_OWNER_RIGHTS
CSA_FREE_TIME_SEARCH - When set, implies that the user will be able to access
the calendar entries for free time search. No access is provided to the
calendar attributes.
CSA_VIEW_PUBLIC_ENTRIES, CSA_VIEW_PRIVATE_ENTRIES, and
CSA_VIEW_CONFIDENTIAL_ENTRIES - When set, gives the user access to list and
read the calendar entries with an access class of public, private, or
confidential, respectively. No access is provided to the calendar attributes.
CSA_INSERT_PUBLIC_ENTRIES, CSA_INSERT_PRIVATE_ENTRIES,
CSA_INSERT_CONFIDENTIAL_ENTRIES - When set, gives the user access to add the
calendar entries with an access class of public, private, or confidential,
respectively. No access is provided to the calendar attributes.
CSA_CHANGE_PUBLIC_ENTRIES, CSA_CHANGE_PRIVATE_ENTRIES,
CSA_CHANGE_CONFIDENTIAL_ENTRIES - When set, gives the user access to update,
and delete the calendar entries with an access class of public, private, or
confidential, respectively. No access is provided to the calendar attributes.
CSA_VIEW_CALENDAR_ATTRIBUTES - When set, gives the user access to list and read
the calendar attributes.
CSA_INSERT_CALENDAR_ATTRIBUTES - When set, gives the user access to add
calendar attributes.
CSA_CHANGE_CALENDAR_ATTRIBUTES - When set, gives the user access to update, and
delete the calendar attributes.
CSA_ORGANIZER_RIGHTS - When set gives the user access rights to read, update,
or delete the entry attributes for any calendar entry for which the user is
specified as the organizer.
CSA_SPONSOR_RIGHTS - When set gives the user the same access to read, update,
or delete the entry attributes for any calendar entry for which the user is
specified as the sponsor.
CSA_OWNER_RIGHTS - When set gives the user the same access rights as the owner
of the calendar. These rights permit the user to read, update, or add either
the calendar attributes or the calendar entries, regardless of their access
class.
The default access rights are implementation specific.
3. next - Points to the access entry for the next calendar user in this access
list.
Now, here are the descriptions for the classification options for calendar
entries:
Classification
NAME
Classification - definition of the classification attribute.
C DECLARATION
#define CSA_ENTRY_ATTR_CLASSIFICATION \
    "-//XAPIA/CSA/ENTRYATTR//NONSGML Classification//EN"
DESCRIPTION
The access classification for the calendar entry. The default for this
attribute is CSA_CLASS_PUBLIC. The valid values include:
CSA_CLASS_PUBLIC
CSA_CLASS_PRIVATE
CSA_CLASS_CONFIDENTIAL
The attribute can be modified by a call to csa_update_entry_attributes().
Support for this attribute is mandatory for implementations conforming to this
specification.
This attribute is a CSA_VALUE_UINT32 type of attribute.
Phewww! I think that's it.
- - Frank
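
Added example, not part of the original message or of the CSA specification: a view-access check over the access list quoted above, applying role bits first and the entry classification as the secondary filter. The flag and class values, the simplified CSA_calendar_user, the default-deny behaviour for users not on the list, and the helper names effective_rights, may_view_entry and sample_list are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins so the example compiles alone; the real types come from the CSA header. */
typedef unsigned long CSA_flags;
typedef struct { const char *user_name; } CSA_calendar_user; /* simplified, assumed */

typedef struct CSA_TAG_ACCESS_RIGHTS {
    CSA_calendar_user *user;
    CSA_flags rights;
    struct CSA_TAG_ACCESS_RIGHTS *next;
} CSA_access_rights, *CSA_access_list;

/* Bit and class values below are assumed for illustration, not taken from the spec. */
#define CSA_VIEW_PUBLIC_ENTRIES        0x0002UL
#define CSA_VIEW_CONFIDENTIAL_ENTRIES  0x0004UL
#define CSA_VIEW_PRIVATE_ENTRIES       0x0008UL
#define CSA_ORGANIZER_RIGHTS           0x2000UL
#define CSA_OWNER_RIGHTS               0x8000UL
enum { CSA_CLASS_PUBLIC, CSA_CLASS_PRIVATE, CSA_CLASS_CONFIDENTIAL };

/* OR together every access entry naming this user.
   A user with no entry gets no rights (assumed default-deny). */
CSA_flags effective_rights(CSA_access_list list, const char *name)
{
    CSA_flags acc = 0;
    for (; list != NULL; list = list->next)
        if (list->user && list->user->user_name &&
            strcmp(list->user->user_name, name) == 0)
            acc |= list->rights;
    return acc;
}

/* Role bits first, then the entry classification as the secondary filter. */
int may_view_entry(CSA_flags rights, int classification, int is_organizer)
{
    if (rights & CSA_OWNER_RIGHTS) return 1;
    if ((rights & CSA_ORGANIZER_RIGHTS) && is_organizer) return 1;
    switch (classification) {
    case CSA_CLASS_PUBLIC:       return (rights & CSA_VIEW_PUBLIC_ENTRIES) != 0;
    case CSA_CLASS_CONFIDENTIAL: return (rights & CSA_VIEW_CONFIDENTIAL_ENTRIES) != 0;
    case CSA_CLASS_PRIVATE:      return (rights & CSA_VIEW_PRIVATE_ENTRIES) != 0;
    default:                     return 0; /* unknown class: deny */
    }
}

/* Constructed sample list: alice (owner) -> bob (public view + organizer). */
static CSA_calendar_user u_alice = { "alice" }, u_bob = { "bob" };
static CSA_access_rights n_bob = { &u_bob, CSA_VIEW_PUBLIC_ENTRIES | CSA_ORGANIZER_RIGHTS, NULL };
static CSA_access_rights n_alice = { &u_alice, CSA_OWNER_RIGHTS, &n_bob };
CSA_access_list sample_list(void) { return &n_alice; }
```

Unknown classification values fall through to deny, so a new class added later does not become readable through an old rights mask.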