Hi Michael,
> I thought the complete day about how to implement your idea but then
> somebody comes up with question, what happens if the last admin from a
> multi approval scenario find an error in the first object but wants to
> sign the other n-1 objects?
don't spend too much time on this, it was only a thought. BTW, I know
there is a lot of stuff to consider. I implemented a "legitimation
framework" in a former project, and we had the same problems.
We did it that way that a request/object that was in the approval
process (at least one approval given) could not be modified. Either
the whole transaction is discarded (all already given approvals
are invalidated) or after all approvals are given the transaction
is completed.
IMO, it should also not be possible to approve n-1 objects.
> The next question (from me) was how should an operator on a web frontend
> safely sign several requests? I think he would simply lose the overview.
> I only know one situation where several objects must be signed and this
> is the batch system but this system can already do this by signing every
> request (one-by-one). So is a method for grouped signing really required?
You are right, it is difficult to represent. Thus the thought of
using XMl to bind objects and sign the XML.
And NO, I do NOT think we will need signing multiple objects, so we
shouldn't bother any longer about this.
> The next question is the signing itself. Would it be a good idea to
> create a table for approved actions which includes action, object_type,
> object_id, user and method (plus data and format)? This would allow
> 4-eyes-principle and other things without singing. Signing could be
> still added by an own table which references to the action (and not to
> the object itself). The table is a first idea how to implement your
> approval handle (but more generalized).
This sounds sensible, it was roughly how we did it in the other
project and it proved to be useful.
So what you propose is:
-- 1:1 -- Action
Object -- 1:n -- Approval -- 1:1 -- Action
-- 1:1 -- Action
Correct?
Martin
-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
