Guidelines for setting CHEESE document access policies
This policy guideline covers document access policy management for
the CHEESE (tm) secure web data wrapper.
Last revision: October 31, 1996.
A typical document access policy for a particular document will
contain two lines that govern access policy:
# this controls document access for our entire tree.
allow acis fac staff
expire 5 m
The two keywords allow and expire are used to determine
who can access a particular document or document tree as follows:
- allow: who can look at this document. In order to permit a user to access
  the document, the user must have one of the specified names in his
  affiliation field in the lookup database or in our local affiliations
  file. One can also put here 'allow ALL' which permits anyone
  who can log in to get access; or 'allow NONE' to deny everyone
  access. This field is required.
- expire: how long a ticket is good. Valid entries: never (the user must log in
  every time he or she wants access), always (a ticket is good as long as
  it is in the ticket db), %d h (number of hours), %d m (number of minutes).
  This field is required.
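A policy file can be checked before it is deployed. The following is an added example, not part of CHEESE itself: a small Python validator for the two required keywords as described above. The names parse_policy, parse_expire, may_access and PolicyError are hypothetical. It keeps 'never' and 'always' as keywords without interpreting them, and it assumes that NONE takes precedence if it appears alongside other names.

```python
import re

# Grammar taken from the keyword list above; all names here are this example's own.
_TIMED = re.compile(r"^(\d+)\s+([hm])$")   # '%d h' or '%d m'

class PolicyError(ValueError):
    """A required field is missing or a value is malformed."""

def parse_expire(value):
    """Return ('never'|'always', None), or ('minutes', n) for '%d h' / '%d m'."""
    value = value.strip()
    if value in ("never", "always"):
        return (value, None)
    m = _TIMED.match(value)
    if not m:
        raise PolicyError(f"invalid expire value: {value!r}")
    n = int(m.group(1))
    return ("minutes", n * 60 if m.group(2) == "h" else n)

def parse_policy(text):
    """Parse policy text into {'allow': set of names, 'expire': (kind, minutes)}."""
    policy = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        parts = line.split(None, 1)
        keyword, rest = parts[0], (parts[1] if len(parts) > 1 else "")
        if keyword == "allow":
            if not rest.split():
                raise PolicyError("allow needs at least one name, ALL or NONE")
            policy["allow"] = set(rest.split())
        elif keyword == "expire":
            policy["expire"] = parse_expire(rest)
        # Assumption: any other keyword is outside this example and is skipped.
    missing = [k for k in ("allow", "expire") if k not in policy]
    if missing:                                   # both fields are required
        raise PolicyError("missing required field(s): " + ", ".join(missing))
    return policy

def may_access(policy, affiliations):
    """Apply the allow rule to a logged-in user's affiliation names."""
    allowed = policy["allow"]
    if "NONE" in allowed:                         # assumption: NONE wins
        return False
    return "ALL" in allowed or bool(allowed & set(affiliations))

# The sample policy shown earlier on this page.
SAMPLE = "# this controls document access for our entire tree.\nallow acis fac staff\nexpire 5 m\n"
```

Run parse_policy over each policy file and treat a PolicyError as a failed check, so a policy with a missing or malformed field is caught before it governs a document tree.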
The following guidelines explain how you can balance
session tracking and authentication needs for your data in your
document access policy.
You will also want to weigh the inconvenience to your users of
passing through the login screen against the degree of security
that you gain by requiring frequent authentication.
- You might use 'expire always'
  for cgi scripts that should only be run once;
  for data in which your security interests are very strong and you have no
  interest in tracking session information.
  Examples:
  - A cgi script that retrieves a student's grades
  - A cgi script that allows a staff member to change directory or benefit
    information
- You might use 'expire 5 m'
  for cgi scripts that require ISINDEX
  but for which otherwise you would want the user to log in every time;
  for forms that should be executed only once;
  for data in which your security interests are very strong and you have only
  a mild interest in tracking session information.
  Examples:
  - A form for student voting and the cgi script it invokes
  - Library surveys
- You might use 'expire 30 m'
  for cgi scripts which access private information; for data in which you
  have some interest in session tracking, but more interest in
  keeping the data secure.
  Examples:
  - A cgi script that retrieves a student's registration information
  - Commercial order forms which do not return sensitive information
- You might use 'expire 4 h'
  for data which is restricted by copyright, for fair use;
  for data which you need to protect but for which you want a
  great amount of session tracking information.
  Example:
  - Course materials restricted to students enrolled in the course
- You might use 'expire 8 h'
  for data for which you want to keep complete tracking information,
  although restricted to only a certain class of users.
  Examples:
  - Licensed core curriculum materials
  - The Oxford English Dictionary
  - Museum images from the digital library collection