Update README.md #219
Open
Update README.md #219
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Update the readme to match the template. Signed-off-by: Clay King <[email protected]>
adpaco-aws
reviewed
Jul 14, 2025
| # Document Cloud Drive Use-Case | ||
|
|
||
| Envision a cloud-based document sharing system, like Google Drive or Dropbox. This system can be used by a single user, who is working on documents across multiple of their personal computers, by multiple users, who are collaborating on a shared set of documents, or by the public as a hosting solution. Users need to be able upload, delete, and modify the sharing permissions on their documents. Users also need to be able to view, comment on, and and modify documents that they have access to, while the system enforces correct access control logic. Since this is a multi-tenant system, it must be robust to cross-user abuse. This system includes a blocklist feature to prevent that. | ||
| This examnple explores the authorizazation model for a cloud-based sharing system. |
There was a problem hiding this comment.
Suggested change
| This examnple explores the authorizazation model for a cloud-based sharing system. | |
| This example explores the authorization model for a cloud-based sharing system. |
|
|
||
| ## Use-case | ||
|
|
||
| Envision a cloud-based document sharing system, like Google Drive or Dropbox. This system can be used by a single user who is working on documents across multiple computers, by multiple users who are collaborating on a shared set of documents, or by the public as a hosting solution. Users need to be able to upload, delete, and modify the sharing permissions on their documents. Users also need to be able to view, comment on, and modify documents that they have access to. The system enforces correct access control logic. Since this is a multi-tenant system, it must have a mechanism to protect against cross-user abuse. This system includes a blocklist feature to accomplish this. |
There was a problem hiding this comment.
We could be more precise and say "Since this is a multi-tenant system, it must have a mechanism to prevent unauthorized cross-tenant access."
| * Public: Can the public view/edit/comment on the document | ||
|
|
||
| It is always enforced that only the owner can delete or edit the sharing state of a document | ||
| * Access-control List (ACL): List of users/groups that are allowed view, groups allowed to comment, groups allowed to edit, groups allowed to manage. |
There was a problem hiding this comment.
Suggested change
| * Access-control List (ACL): List of users/groups that are allowed view, groups allowed to comment, groups allowed to edit, groups allowed to manage. | |
| * Access-control List (ACL): List of users/groups that are allowed to view, groups allowed to comment, groups allowed to edit, groups allowed to manage. |
There was a problem hiding this comment.
On a second thought, maybe we can avoid repeating "groups allowed to" here? I suppose ACLs are really just a way to define users/groups allowed view, comment, edit or manage documents.
Comment on lines
-96
to
+123
| * `EditPublicAccess`: Anyone who has manage access can do this. | ||
| * `EditPublicAccess`: Anyone who has edit access can do this. |
There was a problem hiding this comment.
This doesn't sound right.
Comment on lines
+94
to
+96
| * `viewACL` a `DocumentShare` | ||
| * `modifyACL` a `DocumentShare` | ||
| * `manageACL` a `DocumentShare` |
There was a problem hiding this comment.
Suggested change
| * `viewACL` a `DocumentShare` | |
| * `modifyACL` a `DocumentShare` | |
| * `manageACL` a `DocumentShare` | |
| * `viewACL`: a `DocumentShare` | |
| * `modifyACL`: a `DocumentShare` | |
| * `manageACL`: a `DocumentShare` |
| * `blocked` a set of EUIDs of type `User`. | ||
| * memberOf: `Group`, can be a member of any group. | ||
| * `personalGroup` a `Group`, links to the group containing exactly this user | ||
| * `blocked` a set of `User` entities. |
There was a problem hiding this comment.
Suggested change
| * `blocked` a set of `User` entities. | |
| * `blocked` a set of `User` entities. |
Comment on lines
+34
to
+38
| ### `CreateDocument` | ||
| Create a new document in the system. Any authenticated user can do this. | ||
|
|
||
| ### `ViewDocument` | ||
| Users must be on the ACL for the document. |
There was a problem hiding this comment.
Not sure we should be using subsections here.
| Finally, let's look at the policies for permission management. | ||
| ## Policies | ||
|
|
||
| ### Creating Documents: |
There was a problem hiding this comment.
Suggested change
| ### Creating Documents: | |
| ### Creating Documents |
Comment on lines
-129
to
-134
| Any authenticated user should be able to make a document. Since the only valid principal-type here is `User`, this accomplishes that. However, the “authenticated” part isn’t anywhere *in* the policy, and isn’t checked at runtime. | ||
| There are a couple of solutions here: | ||
|
|
||
| 1. Create an entity `Users::"AllUsers"` that every user is a part of. This makes the graph rather big, but maybe we don’t care. | ||
| 2. An `is` operator, ex: `principal is User` | ||
| 3. Runtime enforcement of action types. |
There was a problem hiding this comment.
Why are we removing all this content?
| **Note**: `alice_personal` doesn't need to be a child of this because Alice owns the documents she creates by default. | ||
| * There is 1 `Document` entity, `alice_public`. | ||
|
|
||
| Here are some authz requests to test, included in the `ALLOW` and `DENY` folders: |
There was a problem hiding this comment.
Why abbreviate here?
Suggested change
| Here are some authz requests to test, included in the `ALLOW` and `DENY` folders: | |
| Here are some authorization requests to test, included in the `ALLOW` and `DENY` folders: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Update the readme to match the template.
Signed-off-by: Clay King [email protected]