Differences

This shows you the differences between two versions of the page.

dev:security [2007/03/07 04:44]
chamindra
dev:security [2009/07/06 20:36] (current)
Line 1: Line 1:
-====== Data Security and Privacy Architecture ====== +===== Data Security and Privacy Design =====
- +
-__For implementation in version 0.6__ +
- +
-In Sahana, we have decided to stick to KISS principles on security design as over complicated security frameworks also can yield numerous flaws due to the human element. Thus the understandability of the security mechanism is also key to maintaining security. +
- +
-With regard to this we have the following:+
 +===== Introduction =====
 +In Sahana, we have decided to stick to KISS principles on security design as over complicated security frameworks also can yield numerous flaws due to the human error. Thus the understandability of the security mechanism is also key to maintaining security.
 +With regard to this we have come up with the following:
===== Authorization and Data Sensitivity ===== ===== Authorization and Data Sensitivity =====
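Review bot: "due to the human error" in the rewritten introduction should read "due to human error", and the page title is demoted from ====== (the H1 level) to ===== in this hunk, which leaves the page with no top-level heading while "Introduction" and the following sections all sit at the same ===== level; keep the title at ====== so the section hierarchy stays intact.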
Line 19: Line 16:
  * **National Security Sensitive** - Data that if in the wrong hands can be a threat to National Security   * **National Security Sensitive** - Data that if in the wrong hands can be a threat to National Security
  * **Socially Sensitive** - Data that is sensitive to the society affected in the disaster   * **Socially Sensitive** - Data that is sensitive to the society affected in the disaster
 +  * **Disaster Mitigation Sensitive** - Information that might cause problems in mitigation disasters especially when released to the public
  * **System Sensitive** - Data that can be used to crack or break into the system   * **System Sensitive** - Data that can be used to crack or break into the system
  * **Not Sensitive** - Data not known to be sensitive   * **Not Sensitive** - Data not known to be sensitive
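Review bot: "might cause problems in mitigation disasters" in the new Disaster Mitigation Sensitive bullet should read "might cause problems in mitigating disasters"; since this class and Socially Sensitive both concern harm from public release, a short phrase saying which one applies to operational relief data (e.g. evacuation routes, supply stock levels) would help module authors classify data consistently.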
Line 24: Line 22:
__User Roles__ __User Roles__
-  * **Administrator** - The system admin / root user +  * **Administrator (Admin)** - The system admin / root user 
-  * **Main Operations Coordinator** - The officially designated relief coordinator +  * **Main Operations Coordinator (MainOps)** - The officially designated relief coordinator 
-  * **Senior Organization Contact** - The senior most user for a __trusted__ participating organization (NGO, Gov Ministry, etc) +  * **Head Organization Contact (OrgHead)** - The senior most user for a __trusted__ participating organization (NGO, Gov Ministry, etc) 
-  * **Trusted User** - An officially trusted and designated user of the system. Often member of a trusted supporting organization.+  * **Trusted User (Trusted)** - An officially trusted and designated user of the system. Often member of a trusted supporting organization.
  * **Registered User** - A registered user in the system (e.g Volunteers, Family)   * **Registered User** - A registered user in the system (e.g Volunteers, Family)
  * **Anonymous User** - An unauthenticated user   * **Anonymous User** - An unauthenticated user
===== Default Data Classification to Role Mapping ===== ===== Default Data Classification to Role Mapping =====
 +The following gives the default Mapping, which can be altered by the system admin based on the requirements during deployment.
 +
 +^ Data Classification ^ Roles that have access ^
 +| Person Sensitive | MainOps, OrgHead, Trusted |
 +| Organization Sensitive  | MainOps, OrgHead |
 +| Legally Sensitive | MainOps, OrgHead, Trusted |
 +| National Security Sensitive | MainOps |
 +| Socially Sensitive | MainOps, OrgHead, Trusted |
 +| System Sensitive | Admin |
 +| Not Sensitive | All |
 +| Unclassified | MainOps, OrgHead, Trusted |
 +
 +
 +
 +===== Implementation =====
 +
 +__Implemented in version 0.6__
 +
 +Minimal requirement to implement ACL in a new module is to include a proper [[secpolicyxml|sec_policy.xml]].
 +If it also requires new tables, data classification levels or roles, then they need to add them to "mysql-config.sql". e.g.:
 +
 +  INSERT INTO sys_data_classifications VALUES ( 4, 'National Security Sensitive');
 +  INSERT INTO sys_user_groups VALUES ( 2, 'Registered User');
 +
 +The necessary headers (lib_acl.inc, lib_auth.inc) are already included via the front controller, so don't need including again.
 +
 +These functions used to check ACL should be left to the framework & not used directly by modules:
 +  shn_acl_get_state()
 +  shn_acl_check_perms_action()
 +
 +  * [[stream_security|Stream Security]]
 +  * [[http://www.cs.trincoll.edu/~gcapalbo/sahana_vm_acl/|VM ACL (proposed)]] which includes a useful description of the main Sahana ACL
 +
 +===== NGO Security References =====
 +
 +  * [[http://www.uia.org/surveys/ngohaz/ngosecbi.htm | Security of NGO]]
 +  * [[http://ngosecurity.googlepages.com/|The NGO security Page]]
 +  * [[http://ngosecurity.googlepages.com/safety%26securitymanuals|NGO Security Manuals]]
 +
 +===== Old, Deprecated Approach =====
 +Old, deprecated approach is based on PHPGACL:
 +  * [[authorization | Authorization]]
 +  * [[acldesign | ACL Design]]
 +  * [[acl | ACL Example]]
 +
-^ Classification ^ Roles that have access * +===== New action wise security draft ===== 
-| Highly Confidential | Main Coordinator | +  * [[new_acl | New Architecture]]
-| Trusted Parties     | Main Coordinator, Senior Org Contact, Trusted User, Admin |+
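Review bot: the new Default Data Classification to Role Mapping table has no row for the Disaster Mitigation Sensitive classification added earlier in this change, so data in that class has no default access rule; add a row such as `| Disaster Mitigation Sensitive | MainOps, OrgHead, Trusted |` (or whatever the intended default is). The table also only lists Admin under System Sensitive, whereas the removed table granted Admin access alongside the trusted parties, so state explicitly whether Admin is excluded from the other classes by design or implicitly has access to all of them. In the mysql-config.sql example, `INSERT INTO sys_data_classifications VALUES ( 4, 'National Security Sensitive');` hard-codes the id; a note that module authors must pick ids that do not collide with the existing rows would avoid silent misclassification.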
