
Data Security and Privacy Architecture

For implementation in version 0.6

In Sahana, we have decided to stick to KISS principles in security design, since overcomplicated security frameworks can themselves yield numerous flaws through the human element. The understandability of the security mechanism is therefore also key to maintaining security.

With this in mind, we have the following:

Authorization

Authorization in Sahana is handled through pre-defined data classification levels and the well-known user roles found in disaster response.

Data Classification Levels

  • 3-Highly Confidential - Effectively Top Secret; available only to the Main Operations Coordinator
  • 2-Trusted Parties - Available to trusted, trained and skilled personnel (e.g. Emergency Services)
  • 1-Registered Users - Data available to people who are registered on the site (e.g. volunteers)
  • 0-Anonymous Users - Effectively data available for public consumption

If data is not classified, it defaults to level 2-Trusted Parties. The default is deliberately the more restrictive side of the scale: an unlabelled record is withheld from Registered and Anonymous users rather than exposed to them.

User Roles

  • Administrator - The system admin / root user
  • Main Operations Coordinator - The officially designated relief coordinator
  • Senior Organization Contact - The most senior user for a trusted participating organization (NGO, Government Ministry, etc.)
  • Trusted User - An officially trusted and designated user of the system, often a member of a trusted supporting organization
  • Registered User - A registered user of the system (e.g. volunteers, family members)
  • Anonymous User - An unauthenticated user

Default Data Classification to Role Mapping

Classification        Roles granted access by default
Highly Confidential   Main Coordinator
Trusted Parties       Main Coordinator, Senior Org Contact, Trusted User, Admin

Note that by this table the Administrator is not granted Highly Confidential data by default; that level is reserved for the Main Operations Coordinator, so the root user of the system is not automatically the holder of its most sensitive data.
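As an added illustration (not Sahana's own code), the following Python sketches the check this mapping implies: each role carries a clearance equal to the highest classification it may read, an unclassified record falls to level 2, and an unknown role or a malformed classification label is denied rather than treated as public. The clearances for levels 3 and 2 follow the table above; those for levels 1 and 0 are assumed from the classification definitions. The role strings, function names and sample records are assumptions made for the example.

```python
"""Clearance check for the Sahana data classification model (illustrative, not project code)."""
from enum import IntEnum
from typing import Iterable, Mapping, Optional


class Classification(IntEnum):
    ANONYMOUS = 0            # 0-Anonymous Users: public data
    REGISTERED = 1           # 1-Registered Users: volunteers, family
    TRUSTED = 2              # 2-Trusted Parties: trained personnel
    HIGHLY_CONFIDENTIAL = 3  # 3-Highly Confidential: main coordinator only


# Unclassified data defaults to Trusted Parties, as the page states.
DEFAULT_CLASSIFICATION = Classification.TRUSTED

# Highest classification each role may read. Levels 3 and 2 come from the
# mapping table on the page; levels 1 and 0 are assumed from the level
# definitions. Role names are assumed string labels for this example.
ROLE_CLEARANCE: Mapping[str, Classification] = {
    "Main Operations Coordinator": Classification.HIGHLY_CONFIDENTIAL,
    "Administrator": Classification.TRUSTED,
    "Senior Organization Contact": Classification.TRUSTED,
    "Trusted User": Classification.TRUSTED,
    "Registered User": Classification.REGISTERED,
    "Anonymous User": Classification.ANONYMOUS,
}


def effective_classification(level: Optional[int]) -> Optional[Classification]:
    """Map a stored classification (possibly absent) to a level.

    A missing label yields the default (2). A label outside 0..3 yields None,
    which callers treat as 'deny', so a corrupt or tampered label fails closed.
    """
    if level is None:
        return DEFAULT_CLASSIFICATION
    try:
        return Classification(level)
    except ValueError:
        return None


def can_read(role: str, level: Optional[int]) -> bool:
    """True if the role's clearance covers the record's classification.

    An unknown role has no clearance at all: it is denied, not treated as
    Anonymous, so a typo in a role name cannot widen access.
    """
    clearance = ROLE_CLEARANCE.get(role)
    target = effective_classification(level)
    if clearance is None or target is None:
        return False
    return clearance >= target


def visible_records(role: str, records: Iterable[dict]) -> list:
    """Filter records down to those the role may read."""
    return [r for r in records if can_read(role, r.get("classification"))]


# Constructed sample records for the example; not real Sahana data.
SAMPLE_RECORDS = [
    {"id": 1, "title": "Shelter locations", "classification": 0},
    {"id": 2, "title": "Volunteer roster", "classification": 1},
    {"id": 3, "title": "Missing persons contacts", "classification": 2},
    {"id": 4, "title": "Victim medical notes"},               # unlabelled -> level 2
    {"id": 5, "title": "Coordinator briefing", "classification": 3},
    {"id": 6, "title": "Record with corrupt label", "classification": 99},  # denied to all
]


if __name__ == "__main__":
    for role in ROLE_CLEARANCE:
        ids = [r["id"] for r in visible_records(role, SAMPLE_RECORDS)]
        print(f"{role:30s} -> {ids}")
```

Running the block prints, for each role, the ids of the sample records it may read; the unlabelled record 4 appears only for roles with Trusted Parties clearance or above, and record 6 appears for nobody.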
