Giter VIP home page Giter VIP logo

Comments (6)

nicola avatar nicola commented on July 28, 2024 1

i would let the apps clean the acl (so acl can be more transparent and policies would be easy to renew)

from web-access-control-spec.

timbl avatar timbl commented on July 28, 2024

Note that RDF is monotonic, so if a graph is true, deleting statements leaves it true. Having an optional constraint like acl:validTill 2016-06-30 doesn't work like this. Ways to get around it are many -- have a separate class TimedAuthenticaion for example where the validTill is required. This also means old systems will fail safe.

from web-access-control-spec.

dmitrizagidulin avatar dmitrizagidulin commented on July 28, 2024

@timbl Can you explain a bit more, about monotonic? What do you mean about deleting statements? Does that mean our PATCH verb is useless?

from web-access-control-spec.

ghanemabdo avatar ghanemabdo commented on July 28, 2024

@nicola I agree the cleaning process shouldn't be part of the specs, but I believe the server is more in charge of cleaning. It can happen with every write to the resource or it can rely on server implementation. Poor applications shouldn't cause a lot of dummy triples on the pod.

@timbl does this mean in an authorization rule containing acl:validTill, removal of acl:validTill triple should leave the rest of the triples in the same authorization valid which is not the case here. Removal of acl:validTill triple invalidates the whole authorization rule. I hope I got it right.

In this case, why don't we consider Authorization is actually a TimedAuthorization which has acl:validTill mandatory and for unlimited authorizations, the object could be blank or a very far time in the future? does this make sense?

from web-access-control-spec.

ghanemabdo avatar ghanemabdo commented on July 28, 2024

@dmitrizagidulin do you think @timbl 's point also applies for acl:defaultForNew as it is also optional?

from web-access-control-spec.

dmitrizagidulin avatar dmitrizagidulin commented on July 28, 2024

@ghanemabdo not sure.. I need to understand this subject better; I'll see if I can ask him about it today.

@nicola - don't forget that many (most?) apps won't have read/write access to the .acl resource, and so won't be able to perform cleaning.

from web-access-control-spec.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.