1 / 39

Sakai 2.1 Framework Changes Overview Draft - 08-03-2005

Explore the significant changes in the Sakai platform from version 2.0 to 2.1, focusing on features like defining subsections, controlling object display, and section membership management. Understand the proposed framework modifications to support user requirements and course management. Learn about the Section Tool's key role and its impact on the user experience.

yessenia
Download Presentation

Sakai 2.1 Framework Changes Overview Draft - 08-03-2005

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Sakai 2.1 Framework Changes OverviewDraft - 08-03-2005 Charles Severance csev@umich.edu

  2. Major Issues to be Solved in 2.1 • The ability to define subsections within a class • The ability to control the display or sorting of objects (like announcements) based on section membership • The ability to sort and filter data within tools (like the grade book) based on section membership and other section information such as role • The ability to control within Sakai the membership and roles of sections within courses. This is called the “Section Tool”.

  3. Outline • End-User Requirements - Sections, Groups, and Course Management • Proposed framework changes to support these requirements • Appendix S: SQL Statements

  4. User Requirements, Sections, and Course Management

  5. Section Tool • The section tool is being specified separately and is outside of the scope of this document

  6. Sakai 2.0Current Capabilities Admin Annc Sched Push Sakai Legacy APIs (Site, Realm) Pull Enterprise Data

  7. Sakai 2.1CM API Section Tool Push Sakai Common APIs (Agent, Group, AuthZ) Course Management API Pull SIS Data

  8. Sakai 2.0 - Site or Public Publishing

  9. Display to Members (default) Display to Non-Members Display to Selected SubGroups Section 001 Section 002 Section 003 Sakai 2.1 Section Aware GUI - Subgroup Publishing

  10. Site Sakai 2.1 Section Aware Tools Samigo Grade Book Section Tool Annc Sched Sakai Common APIs (Agent, Group, AuthZ) Course Management API SIS Data

  11. Sakai 2.1 Groups Site: EECS280

  12. Lead Member 2.1 Group Tool Assign Permissions Manage Groups View GroupsAdd MemberAdd Role Editing Group: Green-Group User ID Role in Group Sally Lead Joe Member Ana

  13. observe access maintain Display to Members (default) Display to Non-Members Display to Selected SubSItes Green Red 2.1 Site - Permissions Tool Permission Set New AubSite SubSite: Green csev maintain Green (group) access Lead maintain Member access SubSite: Red csev maintain Red (group) observe Lead maintain ViceLead access Member Yes indicates group is to be included in SubSite lists

  14. Display to Course (default) Display to Non-Members Display to Sections Section 001 Section 002 Permission Set 2.1 Site - Permissions Learning Context Instructors maintain Chuck’s Helpers maintain Section 001 Section-001 (group) observe Section Lead access Student observe Section 002 Section-002 (group) observe Section Lead access Student observe View/edit in Section Tool View/edit in Groups Tool

  15. Overall Flow for 2.1 (Learning) Site Samigo Grade Book Section Tool Annc Sched Sakai Common APIs (Agent, Group, AuthZ) Course Management API SIS Data

  16. Overall Flow for 2.1 (Research/Project) Site Annc Sched Sakai Common APIs (Agent, Group, AuthZ) External Information

  17. Section Aware Facade Site Samigo Grade Book Section Tool Annc Sched Section Aware Facade Sakai Common APIs (Agent, Group, AuthZ) Course Management API SIS Data

  18. Issues • How does worksite setup “course” mode change? • At some level if all course sites are pushed from the CM API, then this feature should likely be disabled. Some sites may prefer to use worksite setup and the pull providers and others will exclusively use worksite setup for project sites.

  19. Summary - Part I • This document describes how a generic, group and sub group permission model will be supported by Sakai’s common APIs and how that generic model will be connected to the new CourseManagement API and sectioning tool so as to produce a highly learning contextualized administration environment where appropriate. • The Sakai software can operate without the CourseManagement API and Section Tool in those non learning environments.

  20. Framework Implementation Details

  21. annc.read annc.write sched.read sched.write annc.read annc.write sched.read sched.write annc.read sched.read annc.read sched.read access access maintain maintain Announcement Manager Calendar Manager Sakai 2.0 S15 | S16 A1 Sched A1 A2 A2 C2 ANNC C1 A3 Thread Context:S15 Site Manager S15 S16 Sched Home ANNC ANNC Realm: 15 Realm: 16 csev josh ggolden ray dogle oliver

  22. annc.read annc.write sched.read sched.write annc.read annc.write sched.read sched.write maintain maintain annc.read sched.read annc.read sched.read annc.read sched.read access access access maintain annc.read annc.write sched.read sched.write A30 Grant Capabilities in 2.0 S15 Sched ANNC A31 Grant Capabilities in 2.1 A30 A31 Student S15 Sched contextNode ANNC N20 Student A32 G40 A33 annc.write TA A15 G50/TA G50/Learner

  23. N1 G49 Nodes and Grants in a Hierarchy G50 maintain access N15 G51 access N16 G52 S15 N20 access Sched ANNC G49 G49 maintain maintain N17 N19 G50/Learner N18 G52/Learner access access maintain G50/TA maintain G52/TA

  24. G49 maintain StoringObjects/Entities N20 G50 access G49 maintain A53 N17 N19 G50/Learner N18 access Display to Members Selected SubGroups G50/TA maintain A51 A56 A52 Display to Members A57 Display to Members Selected SubGroups Selected SubGroups N17/G50 N17/G50 N18/G51 N18/G51 N19/G52 N19/G52

  25. Display to Public Authorized Users Display to Members Selected SubGroups Display to Public Display to Members Selected SubGroups G49 AUTHZ onEntities maintain A59 G-Auth annc.read N20 G50 access G49 maintain N17 G50/Learner access G50/TA maintain A58 G-Auth/Faculty annc.read Display to Public A53 G-Anon Authorized Users annc.read Faculty Students Display to Members Selected SubGroups

  26. G49 FlexibleInheritance maintain N20 G50 access C92 G49 G-Anon maintain content.read N17 N22 C91 G50/Learner access C93 G50/TA maintain C94 G49 N21 N23 maintain C95 N26 N24 A007 maintain content.read content.write A99

  27. G49 G63 Non-Blockable(or admin)Grants maintain maintain N20 G50 access C92 G49 G-Anon content.read N17 N22 C91 G50/Learner access C93 G50/TA maintain C94 G49 N21 N23 C95 N26 N24 A007 maintain content.read content.write A99

  28. “unBlockablein every way…” N1 G85 G86 *.* access S11 Sched G87 ANNC G49 maintain N15 G50 maintain access N16 G51 S15 N20 Sched access ANNC access G52 N17 N19 G50/Learner N18 G52/Learner access access maintain G50/TA maintain G52/TA

  29. Block-awareTransitive Closure N15 N20 N17 N22 N29 N23 C93 A99 content.read

  30. G86 A45 Can Agent A45 read Content Blob C93? N15 access G49 maintain G50 access N20 access G51 N22 N29 C93 A99 content.read

  31. Needed Changes to Common APIs • Permissions need some alteration • Permission sets need to be supported • SuperStructure needs to understand adding a node with inheritance blocked. • AuthZ queries need some rework :) • None of this is particularly difficult

  32. Needed Changes to Legacy API IMPLs • For those legacy application API implementations, they will need to track the Node(s)/Context(s) from which their objects inherit permissions. • When asking authz questions, the API impl code will need to provide the node(s) which apply for the object. • If none are specified, the current node/context will still be used - for upwards compatibility with the 2.0 style of object authorization. • If fine-grained object level AUTHZ is needed, the API impl will need to make the API calls to set the fine-grain AUTHZ

  33. Summary - Part II • This provides a flexible and high performance authorization/inheritance structure which will satisfy requirements well beyond the 2.1 stated requirements. • This is just a draft - comments to csev@umich.edu

  34. References • XACML Working Group • http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml • XACML 2.0 - Hierarchy and Roles • http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-rbac-profile1-spec-os.pdf • IMS Enterprise • http://www.imsglobal.org/enterprise/entv1p1/imsent_infov1p1.html • WEBDAV Access Control • http://www.ietf.org/rfc/rfc3744.txt • http://webdav.org/specs/rfc3744.pdf

  35. Appendix S - SQL Layout

  36. N15 N20 N17 N22 N29 N23 Inheritance Table

  37. G86 N15 access G49 maintain G50 G50/TA access N20 maintain N17 N22 A99 C94 N29 N23 content.read C95 C93 Grant Table * The grants are slightly changed from earlier examples to show more detail

  38. Looking for C93

  39. Looking for C94

More Related