add authorisation definition and checking services

[amedranogil]

Originally Opened: @amedranogil (2014-05-29 16:41:53)

Authorisation mechanisms are needed by many applications, whether it is to define who can read (or write) what data, or to consult if certain data item is accessible by any given user.

These mechanisms have to be supported in universAAL. The platform must be able to support all these applications, and if possible, it should use these mechanisms within the platform to increase the overall security.

The preliminary ontology to support access control of users to assets (the objects that may have restricted access), is shown in the attached image. Roles are a mechanism to manage the access rights in an optimal way.

Roadmap:

• refine the ontology
• Define services for:
  • checking the access rights of any given user to any given asset
  • managing roles
  • managing Acess Rights per role
  • delegating Roles
• Develop a tool to manage the roles (and access rights per role) intuitively.
• Ensure the storage of the security profiles, roles, access rights and default access for assets is secure and can not be read by un-authorised modules. CHe must ensure open SPARQL queries (and other queries) are restricted to assets that the user has access to.
• Ensure the CHe queries may not change the access rights unless issued by authorised users.

--

From: this issue has been automatically imported from our old issue tracker