From [[http://cpsquare.org CPsquare]], the community of practice on communities of practice.

... part of the technology for communities project, started off by the authors of [Digital Habitats], Etienne Wenger, Nancy White, and John D. Smith.

Project Contributing Category

Contents 1 Definition 2 Uses in Communities of Practice 3 Polarities 4 Features

Definition

This relates to all features for managing security that might be required by other tools and features. Trust models are dealt with in the section titled "User Visible Security." System administrators use the features in this section.

The following system level security features are relevant to platforms:

1. Group Management;
2. Certificate Authorities;
3. Classified Features;
4. Algorithms and Integration.

Uses in Communities of Practice

Ensure good system security management with a broad set of features which make sure the community is private, members are trusted and people are who they claim they are. The benefits offered by these features include: privacy, authentication, authorization, integrity, an ability to manage security and the integration of the environment.

Communities that exist in high-security environments have many special requirements that affect platform selection and community operation. Not discussed here.

Polarities

• Together/apart, Synch/Asynch:
• Interaction/publication:
• Individual/group:

Features

• Modify Access Rights to Reflect Community Policies Modify all group access rights to reflect changing community policies.
  • To align community and group access policies with actual practice and user access requirements. The informal feeling of a community of practice may be quite sensitive to complicated or involved methods of changing access rights.
• Central Role Administration Roles in the community can easily be managed by a designated administrative authority.
  • The integrity of people's roles are guaranteed by an administrative and technical structure.
• Embedded Central Authority Does the platform come with a CA?
  • Centralized security certificate management means that the environment can be locked down to a well known set of users more easily.
• 3rd Party Authority(s) Does the platform support a 3rd party CA?
  • If we don't have a community CA out of the box or we want to use another one, can we?
• Cross Certification Can other CAs be cross certified?
  • This is useful if you want to have two different communities using a central trust model trust each other.

Useful references:

• http://www.enterpriseitplanet.com/security/features/article.php/11321_2214631_2 Web Application Security Checklist