Access Control Planning **

Context

This pattern should help in making choices about the access control system in the planning phase of a collection.

Description of pattern

This pattern relates to general considerations of access control in digital collections. It is an general access control pattern.

Problem description

When publicising a collection thought must be given to the presentation of material to the public or parts thereof.

What are the rights and what are the presentational requirements? If there is a need for online presentation, and if not; is access control required in a traditional login form.

When access control is needed at a level of granularity of individual login, problems arise if there is a Single Point of Failure (SPoF). It must be noted that a more coarse granularity is not the same as a removal of the SPoF problem.

Solution

The access control of users should support at least two different methods, a SPoF should be avoided.

The different methods do not need to support the same granularity of login, although it is often desirable. A system may operate with a backup procedure of local access only, it will not operate with no access.

If the granularity of the different login techniques allow it make a fall-back solution to allow for unexpected breakdowns. If not have policies in place for when breakdowns occur. And communicate to the end-user that all possible is being done.

Consider next

The actual implementation of access control on the collection(s), see pattern(s):

Collection Access Control

GuidelinesForNewDatamodel/PatternLanguage/Access_Control_Planning (last edited 2010-09-30 08:17:28 by eab)