[OLPC Security] "Document Type" permissions
Mike C. Fletcher
mcfletch at vrplumber.com
Tue Jun 5 13:40:10 EDT 2007

Bitfrost[1] and the collating document[2] both speak of a
document-type-specific permission for certain classes of viewers, such
as photo-management applications. This seems like a poor security
trade-off given the nature of the Journal system. Why not simply allow
the Journal to store "smart folders" which can be made available in the
photo-management application's read-only layer?

That way if an application happens to have the ability to view multiple
document types (e.g. photos and videos) the user can explicitly load
both data-sets (via a compound query) into the application's
working-space. The definition of the smart folder would be itself a
document in the Journal, and a user could re-use it by opening and
editing it (on save it would be versioned, as with any other resource).

If the user wanted the photo application to just have access to the
images from last Friday for this session (because they want to use it to
manage files in a presentation, for instance) they could restrict the
Journal search to that date and load the result-set. Alternately, if
they just wanted to run the application against a Journal project-space,
they could load that project space and work with just the subset of
files in that space.

This would seem to be more transparent than having data-type (or worse,
file-extension) based permission filters. It also represents a minimal
change to both the application and the general
Journal-as-file-system-view mechanism, merely allowing for saving "smart
queries" when doing a search. It would be convenient if it were easy to
add a Journal entry including the application and the smart query
"document" in the application launch menu, but that's another issue.

Example interactions:

Image Viewer for All Images in the last 3 Days

  * Open File(s) (Journal Viewer application pops up with Journal view
    by default)
  * Choose File Types
      o Choose Category Image
          + Optionally choose Sub-category
      o Add Filter Date (choose: "in the last three days")
  * Save Query as a Smart Folder
  * Ok

Reopen Image Viewer for All Images in the last 3 Days

  * Open File(s) (Journal Viewer application pops up with Journal view
    by default)
  * Choose Smart Folders
      o Choose the saved query

Archiver/Packager for all files in a given Project (e.g. a zipfile creator)

  * Open File(s) (Journal Viewer application pops up in Journal view)
  * Choose the Journaled session/project

My point here being to make the Journal interaction consistent as far as
the security system goes. That is, there's no exception for the
"special" application, the user explicitly grants it access to the files
to which they want to grant it access, they merely do so via a query
mechanism, rather than the browsing mechanism of the regular Journal view.

HTH,
Mike

[1] http://wiki.laptop.org/go/OLPC_Bitfrost#P_DOCUMENT_RO
[2] http://wiki.laptop.org/go/Correlating_Bitfrost_and_Threats#Safest_Categories_for_Application_Installation

--
________________________________________________
Mike C. Fletcher
Designer, VR Plumber, Coder
http://www.vrplumber.com
http://blog.vrplumber.com
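
The smart-folder grant proposed in the message above, as an added Python sketch (not part of the original post and not OLPC, Journal or Bitfrost code). Entry, SmartFolder and Session are hypothetical names, and the Journal is a constructed in-memory list; the point shown is that an application session can read only the result set the user loaded, whatever document types it is able to open.

```python
# Hypothetical model: none of these names are real OLPC Journal/Bitfrost APIs.
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass(frozen=True)          # frozen: entries handed out are read-only
class Entry:
    entry_id: str
    category: str                # e.g. "image", "video", "text"
    created: date
    project: Optional[str] = None

@dataclass(frozen=True)
class SmartFolder:
    """A saved query; in the proposal it is itself a Journal document."""
    categories: frozenset = frozenset()   # empty set means any category
    max_age_days: Optional[int] = None
    project: Optional[str] = None

    def matches(self, e: Entry, today: date) -> bool:
        if self.categories and e.category not in self.categories:
            return False
        if self.max_age_days is not None and e.created < today - timedelta(days=self.max_age_days):
            return False
        return self.project is None or e.project == self.project

class Session:
    """Read-only layer handed to one application launch."""
    def __init__(self, journal, folder: SmartFolder, today: date):
        # The grant is the loaded result set, fixed when the user confirms it.
        self._granted = {e.entry_id: e for e in journal if folder.matches(e, today)}

    def granted_ids(self):
        return sorted(self._granted)

    def read(self, entry_id: str) -> Entry:
        if entry_id not in self._granted:
            raise PermissionError(f"{entry_id} is outside the loaded result set")
        return self._granted[entry_id]

# Constructed sample Journal, dated around the post.
TODAY = date(2007, 6, 5)
JOURNAL = [
    Entry("img-1", "image", date(2007, 6, 4)),
    Entry("img-2", "image", date(2007, 5, 1)),
    Entry("vid-1", "video", date(2007, 6, 3), project="talk"),
    Entry("doc-1", "text", date(2007, 6, 5), project="talk"),
]
RECENT_IMAGES = SmartFolder(categories=frozenset({"image"}), max_age_days=3)
```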