Project

General

Profile

Task #4033

MNDeployment #3188: Kansas University Biodiversity Institute

Evaluate KUBI MN.getLogRecords() authorization policy

Added by Chris Jones over 10 years ago. Updated about 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
CJ Grady
Target version:
Start date:
2013-10-03
Due date:
% Done:

100%

Story Points:
Sprint:

Description

While calling MN.getLogRecords() on the KUBI MN, it looks like all log records are publicly viewable. While this may not be an issue, some repositories do not equate public read access to objects with public read access of the logs of those objects. This is a policy decision for the Biodiversity Institute (Is it okay that anyone can determine who (via IP or certificate subject) has been accessing KUBI objects?). Note that the "MN.getLogRecords()":http://mule1.dataone.org/ArchitectureDocs-current/apis/MN_APIs.html#MNCore.getLogRecords API method states "The response MUST contain only records for which the requestor has permission to read." Log records are shown at https://bidataone.nhm.ku.edu/mn/v1/log. I'm just bringing this to CJ and Aimee's attention so they can clarify their MN policy on reading log records.

History

#1 Updated by Chris Jones over 10 years ago

  • Description updated (diff)

#2 Updated by Chris Jones over 10 years ago

  • Assignee changed from Roger Dahl to Aimee Stewart

Assigning to Aimee.

#3 Updated by CJ Grady over 10 years ago

  • Assignee changed from Aimee Stewart to CJ Grady

#4 Updated by Roger Dahl over 10 years ago

  • Status changed from New to Closed
  • translation missing: en.field_remaining_hours set to 0.0

#5 Updated by Bruce Wilson over 10 years ago

  • Target version changed from 315 to Deploy by end of Y5Q2

#6 Updated by Laura Moyers about 10 years ago

  • Target version changed from Deploy by end of Y5Q2 to Deploy by end of Y5Q3

#7 Updated by Laura Moyers about 10 years ago

  • Target version changed from Deploy by end of Y5Q3 to Operational

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)