CTSC and Wildbook (formerly called IBEIS) implemented an RBAC prototype using the open source wso2.com software, which implements the System for Cross-domain Identity Management (SCIM) and eXtensible Access Control Markup Language (XACML) standards. This prototype defined multiple roles and access policies:
| Roles | Policies |
| --- | --- |
| Media Asset Contributors | Create/Read/Update/Delete media assets, annotations, encounters, etc. |
| Annotation Contributors | Assign roles to users |
| Data Curators | Share org A data with org B |
| Data Managers | Access to APIs |
| Organization Members (Users) | |
| Organization Administrators | |
| Platform Administrators | |
The prototype demonstrated the ability to implement access policies using the XACML Subject-Resource-Action pattern. For example:
| Subject (Role) | Resource | Action |
| --- | --- | --- |
| Organization Member | Media Asset | Create/Read |
| Data Curator | Annotations | Create/Read/Update/Delete |
| Organization Administrator | Organization Policy | Create/Read/Update/Delete |
| Platform Administrator | Organization | Create/Read/Update/Delete |
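The following is an added illustration, not code from the CTSC/Wildbook prototype (which used WSO2's XACML engine): a toy policy decision point that encodes the four table rows above as Subject-Resource-Action rules and evaluates requests the way an XACML PDP does, including the case where no rule applies at all (NotApplicable), which the enforcement point must treat as a denial. Role names and the sample requests are taken from the table; the `decide` and `is_allowed` functions are assumptions of this example.

```python
"""Toy XACML-style policy decision point for the Wildbook RBAC table.

Added example, not the prototype's own code. Rules are the four rows of the
Subject-Resource-Action table; requests below are constructed for illustration.
"""
from dataclasses import dataclass

CRUD = frozenset({"Create", "Read", "Update", "Delete"})


@dataclass(frozen=True)
class Rule:
    subject: str        # role the requester must hold (XACML subject attribute)
    resource: str       # resource type the rule covers
    actions: frozenset  # actions this rule permits on that resource


# One Rule per row of the prototype's policy table.
POLICY = (
    Rule("Organization Member", "Media Asset", frozenset({"Create", "Read"})),
    Rule("Data Curator", "Annotations", CRUD),
    Rule("Organization Administrator", "Organization Policy", CRUD),
    Rule("Platform Administrator", "Organization", CRUD),
)


def decide(roles, resource, action, policy=POLICY):
    """Evaluate one request and return an XACML-style decision string.

    A rule is applicable when its subject is one of the requester's roles and
    its resource matches the request. Applicable rules are combined
    permit-overrides: if any of them lists the action, the answer is Permit;
    if some apply but none list the action, Deny; if none apply at all,
    NotApplicable (the PDP has no opinion, which is not the same as Permit).
    """
    applicable = [r for r in policy
                  if r.subject in roles and r.resource == resource]
    if not applicable:
        return "NotApplicable"
    if any(action in r.actions for r in applicable):
        return "Permit"
    return "Deny"


def is_allowed(roles, resource, action, policy=POLICY):
    """Policy enforcement point view: only an explicit Permit grants access.

    Both Deny and NotApplicable fall through to refusal (deny by default).
    """
    return decide(roles, resource, action, policy) == "Permit"
```

A user holding several roles (say, Organization Member and Data Curator) is evaluated against every rule whose subject matches any of those roles, so the curator's annotation rights do not leak onto media assets and vice versa.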
Tanya Berger-Wolf (Wildbook) and Jim Basney (CTSC) presented the results of the collaboration at the July 2016 International Conference on Computational Sustainability (http://www.compsust.net/compsust-2016/).
The next step will be to schedule a follow-on engagement to take the lessons learned from the prototyping exercise to deploy XACML-based RBAC in the online Wildbook system.
To learn more about Wildbook/IBEIS, watch the livestream at 8:45am EDT on Thursday, October 13 (or the recording to be published after) of Professor Tanya Berger-Wolf presenting at The White House Frontiers Conference: http://frontiersconference.org/tracks/national
To apply for a one-on-one engagement with CTSC, visit: http://trustedci.org/application/