June 29th presentation at the session "Extending DSpace" of the Open Repositories conference 2017.
The presentation covers the Metadata Based Access control feature, publicly available in the following codebase: https://github.com/milieuinfo/dspace54-atmire
The talk gives general insights in how the probability and impact can be assessed on two examples of risk: unauthorized access and losing all your data.
6. Metadata based access control
Using EPerson characteristics and Item
characteristics to determine whether the
EPerson is entitled to access the item.
Example:
An exact match between a social security
number or an email address on the EPerson
and on the metadata of the item.
7. Advantages
Scale
No identified limits on number of EPeople, items or
groups
Performance
No identified limits on search or item access volumes
Can be managed outside of DSpace
Both EPerson and Item metadata can be sourced
externally
Configurable
9. Disadvantages
Edit metadata = Edit authorizations
Be very careful of who or what has rights to edit metadata
Your metadata becomes even more sensitive
The impact of unauthorized access to item metadata may
become more severe
14. Example 1: Unauthorized access
Impact
High if you're dealing with sensitive data
Low if you're dealing with public/non-sensitive data
Probability
The harder it is for people to access your system, the lower
The longer you wait with security updates, the higher
15.
16. Example 2: Losing all your data
Impact
High if you're dealing with data that only exists in one place
Low(er) if data exists in multiple places
Probability
What does "losing" mean?
What does "all" mean?
17. Actionable takeaways
Code available on
https://github.com/milieuinfo/dspace54-atmire/
Feel free to (re)use what you want
Assess the severity of your risks by thinking about
the associated probability and impact.