OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

sdd message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [sdd] Requirement 2.2.1.12


Requirement 2.2.1.4 already covers defining the privileges needed for installing components, which would be what was needed in the aggregation use case. I am reading Requirement 2.2.1.12 as defining how the security attributes on the installed content should be set - e.g. the ownership and permission flags on the installed files; the run-as user ID for processes; etc. That's what I think should be in the artifact not in the SDD.

Regards,
Christine

Senior Technical Staff Member
IBM, 11501 Burnet Road, Mail Point 901-6B10
Austin, TX 78758
1-512-838-3482 tl 678-3482
Inactive hide details for "Danielson, Debra J" <Debra.Danielson@ca.com>"Danielson, Debra J" <Debra.Danielson@ca.com>


          "Danielson, Debra J" <Debra.Danielson@ca.com>

          03/23/2006 03:15 PM


To

Christine Draper/Austin/IBM@IBMUS, <sdd@lists.oasis-open.org>

cc


Subject

RE: [sdd] Requirement 2.2.1.12

I believe that the concept of administrative vs. user privileges is fundamental to the solution lifecycle, and cannot be ignored or delegated to the “artifact” in the schema definition. (Although it may be delegated to the artifact in the tooling)

Additionally, the tooling may need to have information about the privileges that are required so that components can be appropriately composed into a solution. So, for example if you are aggregating 2 components, one which requires administrative credentials, and one which cannot be installed using administrative credentials, wouldn’t you expect the SDD to contain the information that surfaces these mutually exclusive requirements?


Regards,
Debra


From: Christine Draper [mailto:cdraper@us.ibm.com]
Sent:
Monday, March 20, 2006 7:42 AM
To:
sdd@lists.oasis-open.org
Subject:
[sdd] Requirement 2.2.1.12

All,

I disagreed with the following requirement, because it seemed to be asking for something that should be defined within the install artifact, not within the SDD - i.e. it is instructions on how the content should be installed. Requirement 2.2.1.4 already deals with privileges needed by the invoker of the lifecycle operation. If the content being installed has to be assigned different ownership/privileges, then the invoker will need administrative privileges and the install logic that handles the artifact in the target environment will need to set that ownership/privilege - but this should be based on information in the artifact, not the SDD.

Does anyone have a use case to explain what the intent of 2.2.1.12 was? UC 39 doesnt help me, it just says a non-admin user should be able to install non-system software.


ORIGINAL:

2.2.1.12 Installed component privileges: The SDD specification must support the definition of user privileges/ownership appropriate for the installed content. Where certain level of privileges are required, it is RECOMMENDED, as a best practice, to use the minimal level of required privileges in any environmental requirement.UC: 39

Regards,
Christine

Senior Technical Staff Member
IBM, 11501 Burnet Road, Mail Point 901-6B10
Austin, TX 78758
1-512-838-3482 tl 678-3482

GIF image



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]