digitalutsc / islandora_web_annotations

An Islandora module that enables annotation on Islandora objects, following the W3C Web annotation model.
GNU General Public License v3.0

Can we leverage XACML permissions to control Solr searching by user #179

Closed kimpham54 closed 7 years ago

kimpham54 commented 7 years ago

If we want to control which users can search for annotations, we will probably want to use XACML. XACML can only be controlled on a collection or object basis.

How should this be implemented with annotations? A user should not have to apply XACML to annotations by object, but annotations do not belong in a collection so they cannot be applied that way.

Note: Book also allows for XACML to be applied to its pages - perhaps this can be done with AnnotationContainer.

kstapelfeldt commented 7 years ago

One approach discussed was to apply a collection for annotations (like a standard collection) so annotation containers and objects go in that collection and then modify a policy associated with a collection. The main issue is that we didn't begin this as a solution pack, so it may be less straightforward to implement a collection on a utility module (requires exploration).

kstapelfeldt commented 7 years ago

From @kimpham54 - I know that it'll get us to work with XACML sooner, but it's still a workaround since that's not the original purpose of a collection. If we can do something akin to how book can use XACML on AnnotationContainer - take all RELS-EXT relations under the container and apply XACML to its children, that would be a logical way to restrict permissions.

kstapelfeldt commented 7 years ago

Before deciding whether or not this is a blocker, it will require investigation by @MarcusBarnes and @Natkeeran

kimpham54 commented 7 years ago

Issue has been resolved. All annotations are placed in an annotations collection under islandora:root, to which you can apply XACML policies.