[deepamehta-devel] Upcoming DM 4.5: extended collaboration and privacy
jri at deepamehta.de
Sat Dec 13 22:17:27 CET 2014
DM's basic infrastructure for collaboration was already laid down in version 4.0.12 (more than 2 years ago) but there were serious lacks:
- The Access Control Lists that govern the sharing were not configurable by the user. There was no GUI to do that.
- The Webclient GUI had weak support for the Workspaces despite DM's workspaces are a central concept when it comes to sharing.
The highlight feature of upcoming DM 4.5 will be revised collaboration features and true privacy. For the first time a DM installation can hold private and shared data at the same time.
Instead of requiring the user to laboriously configure the Access Control settings on a per-topic/association basis DM 4.5 comes with an extended Workspace concept. Each workspace will have a "Sharing Mode" to let the user control how (if at all) the content of that workspace is accessible by others. Thus in DM 4.5 each topic/association automatically inherits its Access Control settings from the workspace-level.
DM 4.5 will come with predefined 5 "Sharing Modes" to accommodate typical sharing scenarios:
1) Private - Only the workspace owner (the user who created it) has access to the workspace content. Use this as your private sphere.
2) Confidential - Workspace members have READ access to the workspace content but no WRITE access (which includes creating, editing, deleting). Use this to make certain content visible to a selected group of users, but prohibit changes.
3) Collaborative - Workspace members have WRITE access to the workspace content. Use this to work collaboratively on certain content within a selected group of users.
4) Public - Every internet user gets READ access to the workspace content. Use this to publish content but prohibit changes.
5) Common - Every internet user has full READ and WRITE access to the workspace content. Use this for editing common knowledge in a Wiki-like fashion.
Along with the concept of a "Sharing Mode" comes some basic DM model changes:
- each topic or association is assigned to exactly ONE workspace.
- a user can be a member of one or more workspaces. There is a dedicated Membership association type for connecting User Names (not User Accounts!) to Workspaces (use "Default" as the Role Types).
Also the Webclient GUI has crucial changes:
- When creating a workspace the user sets the "Sharing Mode" for that workspace.
- The Workspaces menu lists only the workspaces the user has access to (depending on the login state).
- The Topicmaps menu lists only the topicmaps that are assigned to the selected workspace. As a consequence when switching a workspace the Topicmaps menu, and thus the visible Topicmap changes as well. So the user is able to experience a workspace as a navigatable sub-space and a place for collaboration.
- The Webclient remembers the selected topicmap on a per-workspace basis. This is to provide a sense of place in the face of context switches.
- A Topicmap can contain both, private and shared content at the same time. What the user sees depends on the login state. A user can e.g. bring shared topics/associations to hers private topicmap and annotate them with private notes. These notes (and its associations) will not be visible/navigatable by other users then.
For the developer Access Control is mostly transparent. It is just enforced by the Core. The developers uses the DM APIs just like before, with some differences:
- When accessing a single object the current user has no access to an exception is thrown and (in case of a RESTful API) an error response is generated.
- When accessing a collection of objects the Core filters out the objects the current user has no access to.
More details about the new Access Control concept are described in this ticket:
You can already test all this features with the current SNAPSHOT release:
There are still issues. However I would appreciate your feedback very much.
DM 4.5 is scheduled for the end of this year.
More information about the devel