Task #4033
MNDeployment #3188: Kansas University Biodiversity Institute
Evaluate KUBI MN.getLogRecords() authorization policy
100%
Description
While calling MN.getLogRecords() on the KUBI MN, it looks like all log records are publicly viewable. While this may not be an issue, some repositories do not equate public read access to objects with public read access of the logs of those objects. This is a policy decision for the Biodiversity Institute (Is it okay that anyone can determine who (via IP or certificate subject) has been accessing KUBI objects?). Note that the "MN.getLogRecords()":http://mule1.dataone.org/ArchitectureDocs-current/apis/MN_APIs.html#MNCore.getLogRecords API method states "The response MUST contain only records for which the requestor has permission to read." Log records are shown at https://bidataone.nhm.ku.edu/mn/v1/log. I'm just bringing this to CJ and Aimee's attention so they can clarify their MN policy on reading log records.
History
#1 Updated by Chris Jones about 11 years ago
- Description updated (diff)
#2 Updated by Chris Jones about 11 years ago
- Assignee changed from Roger Dahl to Aimee Stewart
Assigning to Aimee.
#3 Updated by CJ Grady about 11 years ago
- Assignee changed from Aimee Stewart to CJ Grady
#4 Updated by Roger Dahl about 11 years ago
- Status changed from New to Closed
- Remaining hours set to 0.0
#5 Updated by Bruce Wilson about 11 years ago
- Target version changed from 315 to Deploy by end of Y5Q2
#6 Updated by Laura Moyers almost 11 years ago
- Target version changed from Deploy by end of Y5Q2 to Deploy by end of Y5Q3
#7 Updated by Laura Moyers almost 11 years ago
- Target version changed from Deploy by end of Y5Q3 to Operational