Hello Rosario:
A complete security policy would, as you say, employ an encrypted
Venue and some changes to the roles/actions for a Venue. We have,
unfortunately, not clarified the changes that must be made to the
actions list to prevent entry or access to critical data.
Rather than do that, though, I'd recommend this:
- Add the users you want to allow into the Venue to the AllowedEntry
role. This will allow these users into the Venue, and allow them to
perform the actions that are, by default, allowed to venue users.
- Unauthorize all actions for the Everybody role. For a secure Venue,
you don't need to allow random people to perform any actions whatsoever.
If you want to make the Venue publicly accessible again later, you can
again authorize the set of actions for the Everybody role.
If you have more questions, please don't hesitate to ask.
Tom Uram
On 2/15/06 7:12 AM, Rosario Lombardo wrote:
Hello everybody,
in order to enforce a security policy for a Virtual Venue Server are
required encrypted Venues and a some control over Actions and Roles
(maybe something else?).
- Specifically, which set of actions (dis/)allow uploading and
deleting files, starting/deleting SharedApp sessions, and similar
simple tasks?
- More generally speaking, which set of actions are involved in a
less simpler security policy dealing with various authorization
classes (Roles)?
I had a look at the docs, API, and also to AGEP-0105.txt draft, but I
can't find any single description of the dozens of actions,
differently grouped in Server Security and Venue Security tabs.
Thanks,
\\Rosario
--
Rosario Lombardo
Information Science and Technology Institute (ISTI) - Cnr, Italy
rosario.lombardo@isti.cnr.it <mailto:rosario.lombardo@isti.cnr.it>
*-* http://hpc.isti.cnr.it/~lombardo
<http://hpc.isti.cnr.it/%7Elombardo>
phone: +39 050-315-3076