Secret And Public Content Publishing

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Secret And Public Content Publishing

pedramb
Hi ,
 
  I'm very new to Hippo CMS and JCR 170 and I was wondering if anyone could help me understand if the following requirement can be easily met with Hippo CMS. The idea is to have two separate repository one is used as public content and one is used as secret content . The public content that are created should be available to the secret environment and the secret content should only be available to public environment on publish . The two environments will share same hierarchy and structor . In the pass with other CMS this has been a challenge due to unique ID clashing and I was wondering if this is something that can be easily accomplished with Hippo CMS.

Also Im attaching an image of the site architecture Im describing above.

Thanks

Ard
Reply | Threaded
Open this post in threaded view
|

Re: Secret And Public Content Publishing

Ard
Hello,

On Tue, May 29, 2012 at 6:39 AM, pedramb <[hidden email]> wrote:
> Hi ,
>
>  I'm very new to Hippo CMS and JCR 170 and I was wondering if anyone could
> help me understand if the following requirement can be easily met with Hippo
> CMS. The idea is to have two separate repository one is used as public
> content and one is used as secret content . The public content that are
> created should be available to the secret environment and the secret content
> should only be available to public environment on publish . The two
> environments will share same hierarchy and structor .

Just to be sure: The separation of repositories is a mandatory part of
your setup or is it because you think this is needed to support what
you want? Basically, what you describe is possible within a single
repository pretty much out of the box.

Also, we are currently working on content packaging (which goes quite
a bit further than what you need (not only content, but also
configuration, namespaces, etc)) to support migration and sharing
between repositories in either a DTAP street or in a setup that you
describe (more like workflow across repositories)

Regards Ard

> In the pass with other
> CMS this has been a challenge due to unique ID clashing and I was wondering
> if this is something that can be easily accomplished with Hippo CMS.
>
> Also Im attaching an image of the site architecture Im describing above.
>
> Thanks
>
> http://hippo.2275632.n2.nabble.com/file/n7578358/SecretAndPublicManagement.jpg
>
> --
> View this message in context: http://hippo.2275632.n2.nabble.com/Secret-And-Public-Content-Publishing-tp7578358.html
> Sent from the Hippo CMS 7 mailing list archive at Nabble.com.
> _______________________________________________
> Hippo-cms7-user mailing list and forums
> http://www.onehippo.org/cms7/support/forums.html



--
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
Boston - 1 Broadway, Cambridge, MA 02142

US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
www.onehippo.com
_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html
Reply | Threaded
Open this post in threaded view
|

Re: Secret And Public Content Publishing

pedramb
Hi Ard,

  At this point I think this is whats needed. The goal here is to have no information leak.
The other advantage here is that the secret repository can be locked down even to admins during sensitive times. I also want to encrypt file system and database of this instance. I'm not sure if today hippo search and asset dependency report takes into account the authorization model.

 Regarding content packaging is that going to be part the backup and restore feature ?

The other feature I'm also looking for is content sharing across different business units based on a subscribe model. I know WEMI standard is still being worked on but I was wondering if this is something that can be build today on top of the content replication service.

Thanks

Reply | Threaded
Open this post in threaded view
|

Re: Secret And Public Content Publishing

Frank van Lankvelt
On Tue, May 29, 2012 at 5:11 PM, pedramb <[hidden email]> wrote:
> Hi Ard,
>
>  At this point I think this is whats needed. The goal here is to have no
> information leak.
> The other advantage here is that the secret repository can be locked down
> even to admins during sensitive times. I also want to encrypt file system
> and database of this instance. I'm not sure if today hippo search and asset
> dependency report takes into account the authorization model.
>
the default configuration indeed assumes that assets and images do not
need authorization, but this is by no means the only authorization
possible.  By treating these resources as regular documents (embedding
the assets or images), it is possible to use the same workflow and
authorization as documents have.  This is something we regularly do
for sensitive information.

>  Regarding content packaging is that going to be part the backup and restore
> feature ?
>
> The other feature I'm also looking for is content sharing across different
> business units based on a subscribe model. I know WEMI standard is still
> being worked on but I was wondering if this is something that can be build
> today on top of the content replication service.
>
content replication would indeed be the way to continuously publish
contents from one repository into the other.  I'm not aware of the
reciprocal publishing you are describing having been implemented, but
that seems quite feasible.

cheers, Frank

> Thanks
>
>
>
> --
> View this message in context: http://hippo.2275632.n2.nabble.com/Secret-And-Public-Content-Publishing-tp7578358p7578369.html
> Sent from the Hippo CMS 7 mailing list archive at Nabble.com.
> _______________________________________________
> Hippo-cms7-user mailing list and forums
> http://www.onehippo.org/cms7/support/forums.html



--
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
Boston - 1 Broadway, Cambridge, MA 02142

US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
www.onehippo.com
_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html
Ard
Reply | Threaded
Open this post in threaded view
|

Re: Secret And Public Content Publishing

Ard
On Tue, May 29, 2012 at 10:40 PM, Frank van Lankvelt
<[hidden email]> wrote:

> On Tue, May 29, 2012 at 5:11 PM, pedramb <[hidden email]> wrote:
>> Hi Ard,
>>
>>  At this point I think this is whats needed. The goal here is to have no
>> information leak.
>> The other advantage here is that the secret repository can be locked down
>> even to admins during sensitive times. I also want to encrypt file system
>> and database of this instance. I'm not sure if today hippo search and asset
>> dependency report takes into account the authorization model.
>>
> the default configuration indeed assumes that assets and images do not
> need authorization, but this is by no means the only authorization
> possible.  By treating these resources as regular documents (embedding
> the assets or images), it is possible to use the same workflow and
> authorization as documents have.  This is something we regularly do
> for sensitive information.

I think this is not completely what he asks Frank: he wants to know
whether a user (in our case jcr session) can get search results he is
not allowed to see. This is taken care of already by Jackrabbit (Hippo
repository is built on top of Jackrabbit) : Search results and
authorization are accounted for. You can never get a hit for a
document (whether it is an asset or image) you are not allowed to
read.

What Frank points out is though related: We by default consider images
/ assets to be 'web resources' and readable by the 'siteuser'.
However, you can with normal ACL configuration in our repository
exclude images and assets to be readable for the siteuser. Now,
obviously, we also have customers that have a 'preview' / 'live' state
of assets : In that case, we make them part of a regular document,
which Frank described.

>
>>  Regarding content packaging is that going to be part the backup and restore
>> feature ?

I am not sure yet, but I think it might be very well applicable to
this area as well indeed. Content packaging should be able to create
partial backups. Since the content packaging is currently work in
progress, I think it would be good to chime in to give us as many use
cases as possible.

Regards Ard

>>
>> The other feature I'm also looking for is content sharing across different
>> business units based on a subscribe model. I know WEMI standard is still
>> being worked on but I was wondering if this is something that can be build
>> today on top of the content replication service.
>>
> content replication would indeed be the way to continuously publish
> contents from one repository into the other.  I'm not aware of the
> reciprocal publishing you are describing having been implemented, but
> that seems quite feasible.
>
> cheers, Frank
>
>> Thanks
>>
>>
>>
>> --
>> View this message in context: http://hippo.2275632.n2.nabble.com/Secret-And-Public-Content-Publishing-tp7578358p7578369.html
>> Sent from the Hippo CMS 7 mailing list archive at Nabble.com.
>> _______________________________________________
>> Hippo-cms7-user mailing list and forums
>> http://www.onehippo.org/cms7/support/forums.html
>
>
>
> --
> Amsterdam - Oosteinde 11, 1017 WT Amsterdam
> Boston - 1 Broadway, Cambridge, MA 02142
>
> US +1 877 414 4776 (toll free)
> Europe +31(0)20 522 4466
> www.onehippo.com
> _______________________________________________
> Hippo-cms7-user mailing list and forums
> http://www.onehippo.org/cms7/support/forums.html



--
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
Boston - 1 Broadway, Cambridge, MA 02142

US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
www.onehippo.com
_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html
Reply | Threaded
Open this post in threaded view
|

Re: Secret And Public Content Publishing

pedramb
Hi Frank & Ard

Any reason you might think bidirectional publishing might fail ? I'm not sure how site replication works and  how UUID between two environments are assured.

Thanks
Ard
Reply | Threaded
Open this post in threaded view
|

Re: Secret And Public Content Publishing

Ard
On Wed, May 30, 2012 at 12:53 AM, pedramb <[hidden email]> wrote:
> Hi Frank & Ard
>
> Any reason you might think bidirectional publishing might fail ? I'm not

With bidirectional publishing you mean publishing between two
different repository instances?

> sure how site replication works and  how UUID between two environments are
> assured.

UUID consistency will be part of the 'content packaging' : Namely
relations between documents based on their UUIDs need to be portable
to another repository instance

Regards Ard

>
> Thanks
>
>
> --
> View this message in context: http://hippo.2275632.n2.nabble.com/Secret-And-Public-Content-Publishing-tp7578358p7578373.html
> Sent from the Hippo CMS 7 mailing list archive at Nabble.com.
> _______________________________________________
> Hippo-cms7-user mailing list and forums
> http://www.onehippo.org/cms7/support/forums.html



--
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
Boston - 1 Broadway, Cambridge, MA 02142

US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
www.onehippo.com
_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html
Reply | Threaded
Open this post in threaded view
|

Re: Secret And Public Content Publishing

pedramb
Hi Ard ,

>With bidirectional publishing you mean publishing between two
>different repository instances?
Yes , two different repositories.



Thanks
Ard
Reply | Threaded
Open this post in threaded view
|

Re: Secret And Public Content Publishing

Ard
On Wed, May 30, 2012 at 9:08 AM, pedramb <[hidden email]> wrote:
> Hi Ard ,
>
>>With bidirectional publishing you mean publishing between two
>>different repository instances?
> Yes , two different repositories.

The bidirectional publishing will be part of the  'content packaging'
that thus also will take care of UUIDs. So, I don't have reasons why
bidirectional publishing will then fail. Without content packaging
however, it won't be possible to keep the UUIDs stable, so, I don't
expect it to be possible without content packaging

Regards Ard

>
> Thanks
>
_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html
Reply | Threaded
Open this post in threaded view
|

Re: Secret And Public Content Publishing

Frank van Lankvelt
volgens mij ben je nu wel erg hard content packaging aan het pushen,
wat we nog niet hebben.  Nu ben ik natuurlijk niet bij jullie
discussies hierover, maar het lijkt me niet wat hij wil.  Hij is meer
geinteresseerd in synchronisatie tussen repo's; niet het pushen van
batches van content.

cheers, Frank

On Wed, May 30, 2012 at 8:19 AM, Ard Schrijvers
<[hidden email]> wrote:

> On Wed, May 30, 2012 at 9:08 AM, pedramb <[hidden email]> wrote:
>> Hi Ard ,
>>
>>>With bidirectional publishing you mean publishing between two
>>>different repository instances?
>> Yes , two different repositories.
>
> The bidirectional publishing will be part of the  'content packaging'
> that thus also will take care of UUIDs. So, I don't have reasons why
> bidirectional publishing will then fail. Without content packaging
> however, it won't be possible to keep the UUIDs stable, so, I don't
> expect it to be possible without content packaging
>
> Regards Ard
>
>>
>> Thanks
>>
> _______________________________________________
> Hippo-cms7-user mailing list and forums
> http://www.onehippo.org/cms7/support/forums.html



--
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
Boston - 1 Broadway, Cambridge, MA 02142

US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
www.onehippo.com
_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html
Reply | Threaded
Open this post in threaded view
|

Re: Secret And Public Content Publishing

Arje Cahn
Administrator
Hi,

Looks like you either need repository synchronization or content packaging.. We've seen quite some implementations that use similar setups (including the security restrictions you mention) - and it might be good if we share some of those cases with you so you can see what setup fits you best.

As Frank is saying (in Dutch), Content Packaging is still very much under development. If you want, I can show you our progress so far. Feel free to ping me directly.

Regards,

Arjé Cahn

CTO, Hippo
[hidden email] / [hidden email]
twitter.com/#!/arjecahn

Amsterdam - Oosteinde 11, 1017 WT Amsterdam
Boston - 1 Broadway, Cambridge, MA 02142

US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
www.onehippo.com


On May 30, 2012, at 10:02 AM, Frank van Lankvelt wrote:

> volgens mij ben je nu wel erg hard content packaging aan het pushen,
> wat we nog niet hebben.  Nu ben ik natuurlijk niet bij jullie
> discussies hierover, maar het lijkt me niet wat hij wil.  Hij is meer
> geinteresseerd in synchronisatie tussen repo's; niet het pushen van
> batches van content.
>
> cheers, Frank
>
> On Wed, May 30, 2012 at 8:19 AM, Ard Schrijvers
> <[hidden email]> wrote:
>> On Wed, May 30, 2012 at 9:08 AM, pedramb <[hidden email]> wrote:
>>> Hi Ard ,
>>>
>>>> With bidirectional publishing you mean publishing between two
>>>> different repository instances?
>>> Yes , two different repositories.
>>
>> The bidirectional publishing will be part of the  'content packaging'
>> that thus also will take care of UUIDs. So, I don't have reasons why
>> bidirectional publishing will then fail. Without content packaging
>> however, it won't be possible to keep the UUIDs stable, so, I don't
>> expect it to be possible without content packaging
>>
>> Regards Ard
>>
>>>
>>> Thanks
>>>
>> _______________________________________________
>> Hippo-cms7-user mailing list and forums
>> http://www.onehippo.org/cms7/support/forums.html
>
>
>
> --
> Amsterdam - Oosteinde 11, 1017 WT Amsterdam
> Boston - 1 Broadway, Cambridge, MA 02142
>
> US +1 877 414 4776 (toll free)
> Europe +31(0)20 522 4466
> www.onehippo.com
> _______________________________________________
> Hippo-cms7-user mailing list and forums
> http://www.onehippo.org/cms7/support/forums.html


_______________________________________________
Hippo-cms7-user mailing list and forums
http://www.onehippo.org/cms7/support/forums.html