Differences

This shows you the differences between two versions of the page.

dev:security [2007/03/09 08:09]
chamindra
dev:security [2009/07/06 20:36] (current)
Line 1: Line 1:
-====== Data Security and Privacy Design ======+===== Data Security and Privacy Design =====
-__For implementation in version 0.6__+===== Introduction =====
In Sahana, we have decided to stick to KISS principles on security design as over complicated security frameworks also can yield numerous flaws due to the human error. Thus the understandability of the security mechanism is also key to maintaining security. In Sahana, we have decided to stick to KISS principles on security design as over complicated security frameworks also can yield numerous flaws due to the human error. Thus the understandability of the security mechanism is also key to maintaining security.
With regard to this we have come up with the following: With regard to this we have come up with the following:
- 
- 
- 
- 
===== Authorization and Data Sensitivity ===== ===== Authorization and Data Sensitivity =====
Line 46: Line 42:
| Unclassified | MainOps, OrgHead, Trusted | | Unclassified | MainOps, OrgHead, Trusted |
 +
 +
 +===== Implementation =====
 +
 +__Implemented in version 0.6__
 +
 +Minimal requirement to implement ACL in a new module is to include a proper [[secpolicyxml|sec_policy.xml]].
 +If it also requires new tables, data classification levels or roles, then they need to add them to "mysql-config.sql". e.g.:
 +
 +  INSERT INTO sys_data_classifications VALUES ( 4, 'National Security Sensitive');
 +  INSERT INTO sys_user_groups VALUES ( 2, 'Registered User');
 +
 +The necessary headers (lib_acl.inc, lib_auth.inc) are already included via the front controller, so don't need including again.
 +
 +These functions used to check ACL should be left to the framework & not used directly by modules:
 +  shn_acl_get_state()
 +  shn_acl_check_perms_action()
 +
 +  * [[stream_security|Stream Security]]
 +  * [[http://www.cs.trincoll.edu/~gcapalbo/sahana_vm_acl/|VM ACL (proposed)]] which includes a useful description of the main Sahana ACL
 +
 +===== NGO Security References =====
 +
 +  * [[http://www.uia.org/surveys/ngohaz/ngosecbi.htm | Security of NGO]]
 +  * [[http://ngosecurity.googlepages.com/|The NGO security Page]]
 +  * [[http://ngosecurity.googlepages.com/safety%26securitymanuals|NGO Security Manuals]]
 +
 +===== Old, Deprecated Approach =====
 +Old, deprecated approach is based on PHPGACL:
 +  * [[authorization | Authorization]]
 +  * [[acldesign | ACL Design]]
 +  * [[acl | ACL Example]]
 +
 +
 +===== New action wise security draft =====
 +  * [[new_acl | New Architecture]]

Navigation
  • Navigate