If the repository is to become anything other than a final destination for public objects, then the user needs control over access. This control must be able to ALLOW access to the objects by colleagues, wherever they work, as well as prevent access by others.
I agree with this. At the recent workshop on repository architecture I argued that to some extent you could view repositories as simple a set of conditions of access rather than anything else.
Currently access is often granted implicitly on the basis of 'where' the file lives. e.g. if it is on a personal computer or memory stick it is restricted to the 'author', if it is on a shared drive, it is restricted to a trusted workgroup, and if it is 'in the repository' it is availble to anyone (for read only).
If we view these 'locations' as permissions sets instead we blur the lines between 'where' an object is, and who has what access to it. I argue that the latter part is really what matters, and the 'where' leads to confusion about what we are doing.
Owen, I like that. And those "places" are re-inforced by a bunch of institutional mechanisms, many of which are not helpful in supporting the users with their tasks.
Object disclosure control is crucial to this [Research Repository] system working. Many digital objects in the system would be inaccessible to the general public (unless you are working in an Open Science or Open Notebook way). You need to be able to keep some objects private to you, some objects private to your project or group (not restricted to your institution, however), and some objects public. There should probably be some kind of embargo support for the latter, perhaps time-based, and/or requiring confirmation from you before release. And since some digital objects here are very likely to be databases, there are some granularity issues, where varying disclosure rules might apply to different subsets of the database. Perhaps this is getting a bit tough!
Vote Up
Vote Down
Post New Comment
Close