Location: Schlumberger, 5599 San Felipe, Houston, TX 77056
Thursday: Jan 9th
|Time||Topic (Breaks as required)||Who|
|8:30-9:00||Safety and Workshop briefing||Stephen|
|9:00-10:00||Review Current implementation||Hrvoje|
|10:00-11:00||Review OSDU Use Cases||Kerry|
|11:00-12:00||Review and prioritize Trade off points||Paco|
|12:00-13:00||Working lunch (delivered to the room)||All|
|13:00-15:00||Trade off analysis of use cases against development options||All|
|16:00-17:00||Prepare material for OSDU presentation||All|
Friday: Jan 19th
Present to OSDU IS Community
Preread is located in GitLab @
I will arrange a walk through of the material before the meeting on the 9th.
- Kerry to identify and invite participation from OSDU IS subcommittee (
- Joe, Dania, Ferris to identify and invite SME on security and policy
- We will support complex policies that are evaluated dynamically.
- Work needs to be done to collect examples of these policies
- We will review how to make these policies “expressible” from the perspective of an admin. The language of policy engines is powerful; but complex policies can look complex.
- We could use some help on the usability study because a LOT of policies will be unmanageable unless we think about the UI and how to organize them.
- We will look for an Open Source policy engine and replace the bespoke one that is in OpenDES.
- The evaluation will look at Usability and Expressiveness to make sure it meets the needs
- The evaluation will look at Performance and Latency to figure out
- where in the architecture / services it should be called
- where we need to collect the contextual information (user, location, contract, …) so that this does not become a bottleneck.
- We will not remove the OpenDES support for storage level ACLs
- Doing so would break every deployment of the data ecosystem and force reloading customer data we don’t have access to.
- We will continue to support Storage level ACLS for existing Deployments and for OSDU customers who wish additional security at the storage level
- If companies don’t want to use ACLs as additional security, then they can use a single service account for all queries and do all the entitlement management through policy.
The minutes of the meeting are kept at https://community.opengroup.org/osdu/documentation/-/wikis/OSDU-(C)/Architecture-Exploration-Topics/OSDU-R3-Architecture/Entitlements/Entitlements_Workshop/Meeting-Notes-from-Jan-9th-Workshop