Feature Wiki

Information about planned and released features

Tabs

Token Authenticated Access to Resources

Page Overview

1 Initial Problem
2 Conceptual Summary
- 2.1 Scope
3 User Interface Modifications
- 3.1 List of Affected Views
- 3.2 User Interface Details
- 3.3 New User Interface Concepts
- 3.4 Accessibility Implications
4 Technical Information
5 Privacy
6 Security
7 Contact
8 Funding
9 Discussion
10 Implementation

If you need any help in filling out this wiki page, please visit our ILIAS Community FAQ. And please complete the metadata information in the right column after having created the page.

1 Initial Problem

Exchanging files with ILIAS is currently very hard, especially with 'outside parties', i.e., with users not having an account on the instance.
This occurs regularly when providing reports, memberlists and the the like, but also when retrieving files from the outside, e.g. external data to be imported, especially when the data is automatically provided by machines.

The following will describe a Token Authenticated Access to Resources, which is more of a general concept, but it will open up various possibilities of concrete usecases, be it user collaboration, desktop extensions, machine access or providing portfolios to others.

2 Conceptual Summary

We propose to implement a Token Authenticated Access to a collection of Resources.
Using the Service (from outside ILIAS) will require the knowledge of a complex url (the token), but not an active user account.

A token will map to an instance of an IRSS Stakeholder and possibly to a ResourceStorage Collection;
all known principles of Stakeholders, like preprocessors and notifications, apply.

The Service will verify the token and either serve a GUI to up- and download files to/from that Collection when called in a browser, or, when called from a script, no GUI at all.

Thus, the suggested service is not really another layer to the IRSS, but rather adds the definition of Origins, i.e. shareable means of access to a distinct collection of resources bound to a stakeholder.

There will also be the need to define quotas, in general and for specific Origins.

2.1 Scope

The primary goal of the project should be to provide the backend mechanics of Origins, token handling (creating, authorizing, (temporarily) invalidating, ...) and respective interfaces/abstracts to then manifest "visible" features.

However, since there already is the 'Personal and Shared Resources' entry in Personal Workspace as well as the 'Resource Overview' in the File Services Administration, there are proper places to be amended with the management of Origins. An implementation offering users to create and manage token-accessed collections might provide good examples of using the Service.

3 User Interface Modifications

3.1 List of Affected Views

Administration, File Services
new tab 'Personal File Drops'
with subtabs 'General Settings' and 'Overview'
File Drop
new GUI, a page providing acces to the resource collection.

for Personal File Drops:

Administration, Personal Workspace
add the 'enable Personal File Drops' option
Personal and Shared Resources
new tab 'Personal File Drops'

3.2 User Interface Details

{ For each of these views please list all user interface elements that should be modified, added or removed. Please provide the textual appearance of the UI elements and their interactive behaviour. }

3.3 New User Interface Concepts

{ If the proposal introduces any completely new user interface elements, you might consult UI Kitchen Sink in order to find the necessary information to propose new UI-Concepts. Note that any maintainer might gladly assist you with this. }

3.4 Accessibility Implications

{ If the proposal contains potential accessibility issues that are neither covered by existing UI components nor clarified by guidelines, please list them here. For every potential issue please either propose a solution or write down a short risk assessment about potential fallout if there would be no solution for the issue. }

4 Technical Information

{ The maintainer has to provide necessary technical information, e.g. dependencies on other ILIAS components, necessary modifications in general services/architecture, potential security or performance issues. }

5 Privacy

{ Please list all personal data that will need to be stored or processed to implement this feature. For each date give a short explanation why it is necessary to use that date. }

6 Security

{ Does the feature include any special security relevant changes, e.g. the introducion of new endpoints or other new possible attack vectors. If yes, please explain these implications and include a commitment to deliver a written security concept as part of the feature development. This concept will need an additional approvement by the JourFixe. }

7 Contact

Author of the Request: Haagen, Nils [nlz]
Maintainer: {Please add your name before applying for an initial workshop or a Jour Fixe meeting.}
Implementation of the feature is done by: {The maintainer must add the name of the implementing developer.}

8 Funding

If you are interest in funding this feature, please add your name and institution to this list.

9 Discussion

Schmid, Fabian [fschmid] 2023-05-05: Thank you for this suggestion! I think the idea of token-based exchange of resources is very good and I also see a direct use case that we should offer in the process:

Especially the case that a user wants to receive files from external sources is currently quite difficult to cover in ILIAS. I would suggest that users can create "file drop containers" themselves and provide them with a token. This generates a URL on which external users can add files to this container (technically a ResourceCollection) via a drop zone. The tokens must have a runtime and must be able to be renewed. In addition to the drop zone page, we would also implement a headless mode so that such file drop containers could also be filled automatically.

In the other direction, tokens could be used to offer temporary access to resources or resource collections so that external users can access them without a login. here, too, a headless mode is important in addition to a GUI view so that these contents can also be accessed by machines.

I would be very happy if we planned the entire token mechanism (two-way) together and implemented it in the service, so that this mechanism would be available in the future for features such as those mentioned above.

10 Implementation

{ The maintainer has to give a description of the final implementation and add screenshots if possible. }

Test Cases

Test cases completed at {date} by {user}

{Test case number linked to Testrail} : {test case title}

Privacy

Information in privacy.md of component: updated on {date} by {user} | no change required

Approval

Approved at {date} by {user}.

Last edited: 5. May 2023, 08:39, Schmid, Fabian [fschmid]