Skip to content

Entitlement Inheritance

Status

  • Proposed
  • Trialing
  • Under review
  • Approved
  • Retired

Context & Scope

The OSDU data platform supports data derivatives as part of enrichment steps. These derivatives can be created from multiple parent sources; each with a different entitlement model.


graph LR

    P[Enrichment]
    S1((Source 1))
    S2((Source 2))
    S3((Source 3))

    style S1 fill:#f9f,stroke:#333,stroke-width:2px
    style S2 fill:#9ff,stroke:#333,stroke-width:2px
    style S3 fill:#ff9,stroke:#333,stroke-width:2px

    R((Result))

    S1 --> P
    S2 --> P
    S3 --> P
    P --> R

The entitlement of the Result can be a function of the Entitlements of each of the sources, the enrichment that was performed and the organization that created it.

Decision

For R3 we will explicitly define the entitlements for the Result instead of trying to compute it from its source(s) or traversal of its source(s).

Rationale

This will ensure that entitlement and performance of evaluation is deterministic.

Consequences

Derivative data from multiple sources will have to be tagged explicitly.

When to revisit

After R3 when we have experience and better understand the implications on

  • usability
  • performance
  • maintainability

Trade-off Analysis - Input to decision

We could try to compute the entitlements based on lineage; however, there is no guarantee that the information required to do this properly would be both available and complete.

This places the burden on establishing access rights for derivative data on the producer of this derivative. This producer would then explicitly access to the new data to other interested parties.

Alternatives and implications

  • Lineage traversal: Looking at all ancestor data in real time to evaluate right of access. This would rely on having all the information required to calculate access rights correctly and would have performance implications.
  • Calculated Entitlement: This would avoid the performance issues of the above; but would still require access to all the information required to assess access rights; including from the producer of the derivative.

Decision criteria and trade-offs

  • Correctness
  • Determinism
  • Usability
  • Performance

Decision timeline

July 2020

Edited by Dmitriy Rudko
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information