[OGo-Users] sharing contact attributes only between given users

Helge Hess users@opengroupware.org
Thu, 10 Apr 2008 16:35:44 +0200


On 10.04.2008, at 15:35, Adam Tauno Williams wrote:
>>>> Technically we could map the codes to arbitrary field removals.
>>> I don't really get the meaning of the last sentence.
>> What the flags do is clear out fields the user has no access to. E.g. if
>> he does not have the 'M' permission, we would reset the
>> '03_tel_mobile' field to nil after the fetch.
>
> Interesting.  And I assume on a write/put those fields are dropped out
> as well?

There is only one write permission, 'w'. Either you have it, or you  
don't. Maybe it makes sense to combine it with the other flags, don't  
know. I guess not.

> For some regulatory compliance [that mandates data hiding] we've had to
> implement some kludges to get similar behavior.  We use an encrypted
> blob in an object property,  and if the user has access to the key the
> blob decrypts for display - but they aren't accessing the data via
> WebUI.  This makes the data encrypted on-disk and thus in-backup, the
> latter is also required for compliance.  I suppose there is no way to
> support such a thing in the mainline - the whole key acquisition issue.

From a technical PoV storing encrypted values would not be too hard.  
Don't know, not a priority right now, but sounds kinda useful :-)

Helge
-- 
Helge Hess
http://www.helgehess.eu/
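
Added example, not part of the original message and not OpenGroupware.org code: a sketch of the flag-to-field masking discussed in the thread, together with a write path that keeps hidden fields intact. Only the 'M' flag, the '03_tel_mobile' field and the single 'w' write flag come from the thread; the 'E' flag, the 'email1' field, the function names and the merge-on-write policy are assumptions.

```python
# Added illustration; not OpenGroupware.org code.
# From the thread: the 'M' flag, the '03_tel_mobile' field, the single 'w' flag.
# Hypothetical: the 'E' flag, the 'email1' field, and the write-path policy.
FLAG_FIELDS = {
    "M": ("03_tel_mobile",),
    "E": ("email1",),          # hypothetical second mapping
}


def hidden_fields(perms):
    """Fields guarded by a flag the user does not hold."""
    return {f for flag, fields in FLAG_FIELDS.items()
            if flag not in perms for f in fields}


def mask_after_fetch(record, perms):
    """Return a copy with every field the user may not see reset to None."""
    hidden = hidden_fields(perms)
    return {k: (None if k in hidden else v) for k, v in record.items()}


def apply_write(stored, incoming, perms):
    """Merge a client's record into the stored one.

    Needs 'w'. Fields hidden from the writer keep their stored value, so
    saving a masked copy back cannot blank data the writer never saw
    (assumed policy, not stated in the thread).
    """
    if "w" not in perms:
        raise PermissionError("write permission 'w' required")
    hidden = hidden_fields(perms)
    merged = dict(stored)
    merged.update({k: v for k, v in incoming.items() if k not in hidden})
    return merged


# Constructed sample contact.
STORED = {"name": "Jane Doe", "03_tel_mobile": "+49 170 0000000",
          "email1": "jane@example.org"}

if __name__ == "__main__":
    view = mask_after_fetch(STORED, perms="wE")   # no 'M'
    view["name"] = "Jane Q. Doe"
    print(view)
    print(apply_write(STORED, view, perms="wE"))
```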