03.SECURITY.R1 RS3.2 The ResearchSpace system is an online environment accessed using a web browser.
03.SECURITY.R2 RS3.2 Authentication needs to initiate the authorisation of the components provided by the Content Management System, including the CMS social networking tools, document libraries and asset libraries, as well as authorisation to the RDF project store to which the project has access, mainly through the research tools.
03.SECURITY.R3 RS3.2 All projects are authorised to use the shared CMS and RDF components and data stores.
03.SECURITY.R4 RS3.2 All authentication and authorisation should occur through single sign-on. Users authenticate using a Content Management System login plug-in. This should be configured to use LDAP.
03.SECURITY.R5 RS3.2 The architecture will be as follows:
-          The user logs on once using the CMS logon mechanism.
-          The logon is directed to the LDAP authentication system.
-          The authentication returns a user ticket indicating the groups that the user belongs to.
-          The user requests services from the CMS, which are authorised by the LDAP service.
-          The user requests services from the RDF Store, which are authorised by the LDAP service.
03.SECURITY.R6 RS3.2 Interfaces:
-          CMS Login Point – The physical login environment is provided by the CMS.
-          CMS Project Environment – A successful user logon allows the user to progress to the project environment created within the CMS.
-          Project Collaboration Tools – CMS uses LDAP to authorise internal security for the social networking tools.
-          Project Document and Asset Libraries – CMS uses LDAP groups to provide authorisation to the shared and project document libraries.
-          Shared Document and Asset Libraries – CMS uses LDAP groups to provide authorisation to the shared and project asset libraries.
-          Project RDF Store – RDF management system uses LDAP to determine access to project stores.
-          Shared RDF Store – RDF management system uses LDAP to determine access to the shared store.
03.SECURITY.R7 RS3.2 Although a user may have access to one or more project stores and therefore one or more collaboration areas, the user must only be able to access one project at a time. If a user is a member of more than one project they will be asked to choose their context for their session.
03.SECURITY.R8 RS3.2 The login process should use SSL encryption (HTTPS), as should the LDAP connection (LDAPS).
03.SECURITY.R9 RS3.2 Once users are authenticated they would use the inbuilt security system for reading, writing, etc. The environment would be set up to deploy these rights through CMS roles: ResearchSpace Administrator, Project Lead and Project Member. These are the default roles for ResearchSpace.
03.SECURITY.R10 RS3.2 RDF data will be maintained in named graphs. Each project will have its own named graph alongside a named graph for the shared RDF repository. It is anticipated that ResearchSpace will operate one endpoint service for all named graphs, which means that queries can be federated across two named graphs (an RDF dataset comprising the project named graph and the shared named graph) through one service. The default named graph is the shared repository.
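The dataset rule in 03.SECURITY.R10 (one endpoint, queries federated over the project graph plus the shared graph) is easiest to enforce if the server, not the client, decides which graphs a query runs against. The following is an added illustration, not ResearchSpace project code: it builds the FROM clauses for a session from the project chosen as that session's context and refuses any other project graph, even one the user is also a member of. The graph IRIs, the naming scheme and the function names are constructed for the example.

```python
import re
from typing import List, Set

# Constructed placeholder IRIs; ResearchSpace's real graph names are not on the page.
SHARED_GRAPH = "http://example.org/researchspace/graph/shared"
PROJECT_GRAPH_PREFIX = "http://example.org/researchspace/graph/project/"


def project_graph(project_id: str) -> str:
    """Named graph IRI for one project (constructed naming scheme)."""
    return PROJECT_GRAPH_PREFIX + project_id


def session_dataset(session_project: str, authorised_projects: Set[str]) -> List[str]:
    """The RDF dataset a session may query: exactly two named graphs, the
    shared graph (the default graph) and the project chosen as the session
    context. Any other project graph is refused, even if the user is a member
    of that project, because R7 allows only one project context per session."""
    if session_project not in authorised_projects:
        raise PermissionError(f"session is not authorised for project {session_project!r}")
    return [SHARED_GRAPH, project_graph(session_project)]


def referenced_project_graphs(sparql_fragment: str) -> Set[str]:
    """Project ids named explicitly (e.g. GRAPH <...>) in client-supplied SPARQL."""
    pattern = re.escape(PROJECT_GRAPH_PREFIX) + r"([^>\s]+)>"
    return set(re.findall(pattern, sparql_fragment))


def build_query(where_clause: str, session_project: str, authorised_projects: Set[str]) -> str:
    """Wrap a caller's WHERE clause so the server decides the dataset.
    FROM merges the allowed graphs into the query's default graph, so patterns
    match project and shared triples without naming either graph. With only
    FROM (no FROM NAMED), a GRAPH pattern over another project's graph would
    silently match nothing; rejecting it explicitly makes the attempt visible
    to the caller and to logging instead."""
    graphs = session_dataset(session_project, authorised_projects)
    foreign = referenced_project_graphs(where_clause) - {session_project}
    if foreign:
        raise PermissionError(f"query names graphs outside the session context: {sorted(foreign)}")
    from_clauses = "\n".join(f"FROM <{g}>" for g in graphs)
    return f"SELECT *\n{from_clauses}\nWHERE {{\n  {where_clause}\n}}"
```

The point of routing every query through build_query is that the client never supplies the dataset: membership of several projects does not widen a single session's view beyond the shared graph plus the one project in context.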
03.SECURITY.R11 RS3.2 ResearchSpace user account access should be role-based but needs to provide authentication and authorisation for different systems, the collaboration (CMS) environment and the RDF database environment.
03.SECURITY.R12 RS3.2 Passwords should be encrypted and use at least 8 characters containing lower and uppercase letters and include a number.
03.SECURITY.R13 RS3.2 If a user submits a password incorrectly three times in a row the user will be locked out and require a reset by the project administrator(s).
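03.SECURITY.R12 and 03.SECURITY.R13 together describe the password complexity rule and the three-strikes lockout. The code below is an added example, not part of the ResearchSpace CMS or its LDAP configuration: it checks the R12 rule, stores the password as a salted PBKDF2 hash (a design choice here; the page only says "encrypted"), locks the account after three consecutive failures and only lets a project administrator reset it. Class and function names, and the iteration count, are assumptions of the example.

```python
import hashlib
import hmac
import os
import re
from typing import Optional, Tuple

MIN_LENGTH = 8             # 03.SECURITY.R12
MAX_FAILED_ATTEMPTS = 3    # 03.SECURITY.R13
PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def password_meets_policy(password: str) -> bool:
    """R12: at least 8 characters, with lower-case and upper-case letters and a digit."""
    return (
        len(password) >= MIN_LENGTH
        and re.search(r"[a-z]", password) is not None
        and re.search(r"[A-Z]", password) is not None
        and re.search(r"[0-9]", password) is not None
    )


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256. A one-way salted hash, rather than reversible
    encryption, is how stored credentials are normally protected (choice of this example)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


class Account:
    def __init__(self, username: str, password: str) -> None:
        if not password_meets_policy(password):
            raise ValueError("password does not meet 03.SECURITY.R12")
        self.username = username
        self.salt, self.digest = hash_password(password)
        self.failed_attempts = 0
        self.locked = False

    def verify(self, candidate: str) -> bool:
        """Check a login attempt; three failures in a row lock the account (R13)."""
        if self.locked:
            return False  # a locked account rejects even the correct password
        _, digest = hash_password(candidate, self.salt)
        if hmac.compare_digest(digest, self.digest):
            self.failed_attempts = 0  # the counter only tracks consecutive failures
            return True
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.locked = True
        return False

    def admin_reset(self, new_password: str, reset_by_project_admin: bool) -> None:
        """R13: only a project administrator may reset a locked account."""
        if not reset_by_project_admin:
            raise PermissionError("reset requires a project administrator")
        if not password_meets_policy(new_password):
            raise ValueError("password does not meet 03.SECURITY.R12")
        self.salt, self.digest = hash_password(new_password)
        self.failed_attempts = 0
        self.locked = False
```

Note that the lockout check happens before the hash is computed, so a locked account costs the server nothing per attempt, and that a successful login resets the counter, which is what "three times in a row" requires.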


The following rights are required (03.SECURITY.R11):

Role                          | Project Forums | Project Stores | ResearchSpace Stores | Other
ResearchSpace Administrator   | Administrator  | Administrator  | Administrator        | Access to project forums and stores will be determined by acceptable user policies. Has access to the ResearchSpace dashboard and tools.
ResearchSpace Support         | Administrator  | Administrator  | Administrator        | Support for ResearchSpace tools and data issues.
Project Administrator (Lead)  | Administrator  | Administrator  | Write                | The user is a full participant in the project and the data analysis and generation. The user has access to the Project Lead dashboard and associated functionality.
Full Project Team Member      | Write          | Write          | Write                | The user is a full participant in the project and the data analysis and generation. The user has access to a personal dashboard.
Collaboration Team Member     | Write          | None           | None                 | The user has no access to a data store and can only use the collaboration tools, not the research tools.
Project Observer              | Read           | None           | None                 | The user is a guest to the discussion forum; either there is no data store for the project or the user has no access to it.
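The flow in 03.SECURITY.R5 (LDAP returns a ticket listing the user's groups, and CMS and RDF services are then authorised from it), the one-project-per-session rule in 03.SECURITY.R7 and the rights table above can be tied together in a small authorisation model. The following is an added example, not ResearchSpace's own code: it derives roles from group names, forces a context choice when the user belongs to more than one project, and answers access questions from the table. The LDAP group naming scheme (rs-admin, rs-support, proj-<id>-<role>) and all class and function names are assumptions of the example; the page does not define how groups are named.

```python
import re
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Optional


class Level(IntEnum):
    """Access levels in the rights table; a higher level includes the lower ones."""
    NONE = 0
    READ = 1
    WRITE = 2
    ADMIN = 3


# Rights table from the page (03.SECURITY.R11), columns:
# (Project Forums, Project Stores, ResearchSpace Stores)
RIGHTS: Dict[str, tuple] = {
    "ResearchSpace Administrator":  (Level.ADMIN, Level.ADMIN, Level.ADMIN),
    "ResearchSpace Support":        (Level.ADMIN, Level.ADMIN, Level.ADMIN),
    "Project Administrator (Lead)": (Level.ADMIN, Level.ADMIN, Level.WRITE),
    "Full Project Team Member":     (Level.WRITE, Level.WRITE, Level.WRITE),
    "Collaboration Team Member":    (Level.WRITE, Level.NONE, Level.NONE),
    "Project Observer":             (Level.READ,  Level.NONE, Level.NONE),
}
COLUMN = {"forums": 0, "project_store": 1, "shared_store": 2}

# Constructed LDAP group naming scheme (assumption; the page does not define one).
GLOBAL_GROUPS = {"rs-admin": "ResearchSpace Administrator",
                 "rs-support": "ResearchSpace Support"}
PROJECT_GROUP = re.compile(r"^proj-(?P<project>[a-z0-9]+)-(?P<role>lead|member|collab|observer)$")
PROJECT_ROLES = {"lead": "Project Administrator (Lead)",
                 "member": "Full Project Team Member",
                 "collab": "Collaboration Team Member",
                 "observer": "Project Observer"}


@dataclass
class Ticket:
    """What the LDAP authentication step hands back (R5): the user and their groups."""
    user: str
    groups: List[str]


@dataclass
class Session:
    ticket: Ticket
    project: Optional[str] = None   # the single project context for this session (R7)

    def global_role(self) -> Optional[str]:
        for g in self.ticket.groups:
            if g in GLOBAL_GROUPS:
                return GLOBAL_GROUPS[g]
        return None

    def project_roles(self) -> Dict[str, str]:
        """Project id -> role; if several groups name one project, keep the strongest."""
        roles: Dict[str, str] = {}
        for g in self.ticket.groups:
            m = PROJECT_GROUP.match(g)
            if not m:
                continue
            role = PROJECT_ROLES[m.group("role")]
            current = roles.get(m.group("project"))
            if current is None or RIGHTS[role] > RIGHTS[current]:
                roles[m.group("project")] = role
        return roles

    def available_projects(self) -> List[str]:
        return sorted(self.project_roles())

    def choose_context(self, project: str) -> None:
        """R7: the context must be one of the user's projects; choosing again replaces it."""
        if project not in self.project_roles():
            raise PermissionError(f"{self.ticket.user} is not a member of {project!r}")
        self.project = project

    def level(self, resource: str) -> Level:
        idx = COLUMN[resource]
        role = self.global_role()
        if role is None:
            if self.project is None:
                return Level.NONE   # no context chosen yet: nothing is accessible
            role = self.project_roles()[self.project]
        return RIGHTS[role][idx]

    def can(self, resource: str, needed: Level) -> bool:
        return self.level(resource) >= needed


def start_session(ticket: Ticket) -> Session:
    """Open a session; with exactly one project the context is implied,
    otherwise the user must choose before any project resource is reachable (R7)."""
    s = Session(ticket)
    projects = s.available_projects()
    if len(projects) == 1:
        s.project = projects[0]
    return s
```

Two properties worth checking in any real implementation of R7 are visible here: a user with several projects gets nothing until a context is chosen, and switching context replaces rather than accumulates rights, so the Observer role in one project cannot be combined with Member rights from another.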

