[OLPC Security] "Document Type" permissions

Mike C. Fletcher mcfletch at vrplumber.com
Tue Jun 5 13:40:10 EDT 2007


Bitfrost[1] and the collating document[2] both speak of a 
document-type-specific permission for certain classes of viewers, such 
as photo-management applications.  This seems like a poor security 
trade-off given the nature of the Journal system.  Why not simply allow 
the Journal to store "smart folders" which can be made available in the 
photo-management application's read-only layer.

That way if an application happens to have the ability to view multiple 
document types (e.g. photos and videos) the user can explicitly load 
both data-sets (via a compound query) into the application's 
working-space.  The definition of the smart folder would be itself a 
document in the Journal, and a user could re-use it by opening and 
editing it (on save it would be versioned, as with any other resource).  
If the user wanted the photo application to just have access to the 
images from last Friday for this session (because they want to use it to 
manage files in a presentation, for instance) they could restrict the 
Journal search to that date and load the result-set.  Alternately, if 
they just wanted to run the application against a Journal project-space, 
they could load that project space and work with just the subset of 
files in that space.

This would seem to be more transparent than having data-type (or worse, 
file-extension) based permission filters.  It also represents a minimal 
change to both the application and the general 
Journal-as-file-system-view mechanism, merely allowing for saving "smart 
queries" when doing a search.  It would be convenient if it were easy to 
add a Journal entry including the application and the smart query 
"document" in the application launch menu, but that's another issue.

Example interactions:

Image Viewer for All Images in the last 3 Days

    * Open File(s) (Journal Viewer application pops up with Journal view
      by default)
    * Choose File Types
          o Choose Category Image
                + Optionally choose Sub-category
          o Add Filter Date (choose: "in the last three days")
    * Save Query as a Smart Folder
    * Ok

Reopen Image Viewer for All Images in the last 3 Days

    * Open File(s) (Journal Viewer application pops up with Journal view
      by default)
    * Choose Smart Folders
          o Choose the saved query

Archiver/Packager for all files in a given Project (e.g. a zipfile creator)

    * Open Files(s) (Journal Viewer application pops up in Journal view)
    * Choose the Journaled session/project

My point here being to make the Journal interaction consistent as far as 
the security system goes.  That is, there's no exception for the 
"special" application, the user explicitly grants it access to the files 
to which they want to grant it access, they merely do so via a query 
mechanism, rather than the browsing mechanism of the regular Journal view.

HTH,
Mike

[1] http://wiki.laptop.org/go/OLPC_Bitfrost#P_DOCUMENT_RO
[2] http://wiki.laptop.org/go/Correlating_Bitfrost_and_Threats#Safest_Categories_for_Application_Installation

-- 
________________________________________________
  Mike C. Fletcher
  Designer, VR Plumber, Coder
  http://www.vrplumber.com
  http://blog.vrplumber.com
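The smart-folder grant sketched in the message above, as an added illustration that is not OLPC or Sugar code: a saved query (category, project, date window) is resolved over constructed Journal entries and the matching set is handed to the activity as a read-only layer, so the activity never receives a broader document-type permission. Entry fields, the query schema and the versioned save store are assumptions for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from types import MappingProxyType

# Constructed sample data; the schema is hypothetical, not the OLPC datastore's.
NOW = datetime(2007, 6, 5, 13, 40)

@dataclass(frozen=True)
class Entry:
    uid: str
    category: str      # e.g. "Image", "Video", "Text"
    mime_type: str
    project: str       # the Journaled session/project the entry belongs to
    mtime: datetime

JOURNAL = [
    Entry("e1", "Image", "image/jpeg", "presentation", NOW - timedelta(days=1)),
    Entry("e2", "Image", "image/png", "homework", NOW - timedelta(days=5)),
    Entry("e3", "Video", "video/ogg", "presentation", NOW - timedelta(hours=3)),
    Entry("e4", "Text", "text/plain", "homework", NOW - timedelta(days=2)),
]

def smart_folder(categories=(), project=None, within_days=None):
    """The user's explicit grant, expressed as a query rather than a permission."""
    return {"categories": tuple(categories), "project": project, "within_days": within_days}

def save_query(store, name, query):
    """Store the smart folder as a Journal document; each save is a new version."""
    store.setdefault(name, []).append(dict(query))
    return len(store[name])          # version number of the saved query

def resolve(query, journal, now=NOW):
    """Evaluate the saved query; the result is all the activity gets to see."""
    cutoff = None
    if query["within_days"] is not None:
        cutoff = now - timedelta(days=query["within_days"])
    matches = {}
    for e in journal:
        if query["categories"] and e.category not in query["categories"]:
            continue
        if query["project"] is not None and e.project != query["project"]:
            continue
        if cutoff is not None and e.mtime < cutoff:
            continue
        matches[e.uid] = e
    # Read-only layer: the activity cannot add, drop or replace entries in the view.
    return MappingProxyType(matches)
```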
