Security test case
johnson at cs.uiuc.edu
Tue Jun 22 14:45:03 MEST 2004
I have been wanting a wiki to do the following thing for a long time. It
looks to me like SmallWiki will make it much easier. Your comments on
persistence were helpful, so I would like to discuss this for a while.
I teach a course in which students do most of the lecturing. We read
several books, and each student presents a chapter. They also write a
couple of study questions, and students are expected to read the chapter and
answer the study questions. The presenter will grade the answers.
I'd like to do it on the wiki. At first, all answers are secret. Students
can read what they wrote, but nobody else can. Except the presenter/grader.
Once the answers are graded, the grader will publish them, making special
notes of the good ones.
Here is how I think it will work. I'll need a new kind of structure called
a "virtual folder".
First, each student has their own folder named after their UIUC net ID.
There will be a folder called Students and it has subfolders for each
student. A student's subfolder is private. The students create pages called
"chapter 1" and "chapter 2" for their answers. The administrator will
create a special page in the folder of the grader. This is the virtual
folder, which is a capability page. It pretends to be a folder with all the
answers in it. It might be called "chapter 1 answers" and it will be
parameterized to show all the pages in subfolders of Students that are
called "chapter 1". The grader will make a new page that discusses the
answers, says which ones are especially good, and contains pointers to them.
Then he will publish the page in read-only mode.
The virtual folder is a way of changing roles of structure. Pages in it
will use the security policies that it defines rather than the policies of
their own folder.
From my quick reading of the security paper, it appears that security is
implemented using Chain of Responsibility from the root, which means that
structure inherits from its parent because control passes through the
parent. Therefore, a virtual folder should be able to change security
policies. In contrast, if security was implemented by having each structure
ask its parent whenever it needed a security policy, this would not work.
So, what do you think? Is there already a virtual folder class? If not,
will it be hard to make?
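
The two inheritance schemes contrasted in the message above, as an added Python model that is not part of the original post and is not SmallWiki code. The class names, the `readers` policy attribute and the net IDs `alice` and `bob` are assumptions made for illustration.

```python
# Toy model, not SmallWiki code: every class and function name is hypothetical.
class Node:
    def __init__(self, name, readers=None):
        self.name, self.readers = name, readers  # readers=None: no own policy
        self.parent, self.children = None, {}
    def add(self, child):
        child.parent = self
        self.children[child.name] = child
        return child
    def child(self, key):
        return self.children[key]

class VirtualFolder(Node):
    """Pretends to hold every page named page_name in source's subfolders."""
    def __init__(self, name, source, page_name):
        super().__init__(name)
        self.source, self.page_name = source, page_name
    def child(self, key):  # key is the student's net ID
        return self.source.children[key].children[self.page_name]

def walk(root, path):
    # Yield each structure the request passes through, starting at the root.
    node = root
    yield node
    for key in path:
        node = node.child(key)
        yield node

def can_read_chain(root, path, user):
    """Chain from the root: the last policy met on the request path applies."""
    readers = None
    for node in walk(root, path):
        if node.readers is not None:
            readers = node.readers
    return readers is None or user in readers

def can_read_parent(root, path, user):
    """Parent lookup: the target asks its real ancestors, ignoring the path."""
    node = list(walk(root, path))[-1]
    while node is not None and node.readers is None:
        node = node.parent
    return node is None or user in node.readers

def build():  # constructed sample tree; alice answers, bob presents and grades
    root = Node("root")
    students = root.add(Node("Students"))
    students.add(Node("alice", {"alice"})).add(Node("chapter 1"))
    students.add(Node("bob", {"bob"})).add(
        VirtualFolder("chapter 1 answers", students, "chapter 1"))
    return root
```

In the chain model the policy on the path to the virtual folder is the only thing protecting the answers it exposes, so the folder that holds it has to stay private to the grader.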