
Re: LDP with Access Control, or future LDPS(ecure)?

From: Henry Story <henry.story@bblfish.net>
Date: Wed, 14 Nov 2012 12:27:02 +0100
Cc: public-ldp-wg@w3.org
Message-Id: <123E0EDA-61D4-4935-8819-7CACBD83D875@bblfish.net>
To: Andy Seaborne <andy.seaborne@epimorphics.com>

On 14 Nov 2012, at 12:04, Andy Seaborne <andy.seaborne@epimorphics.com> wrote:

> 
> 
> On 12/11/12 20:48, Henry Story wrote:
>> Luckily Access Control is orthogonal to LDP
> 
> I hope that's true but I don't see why it must be so.
> 
> The LDP spec covers operations on resources and containers and does not mention access control.
> 
> Use case: I create bugReportSecurity57 about a security issue.  I want it restricted because the information contained allows an attacker to exploit the security hole.  Bug reports are normally publicly readable.

Good use case. I added it here:
http://www.w3.org/2012/ldp/wiki/AccessControl#Creating_a_new_resource_with_ACL_restrictions

> 
> What is the operation flow to create a secure bug report if normally bug reports are publicly readable?  (if they are not by default publicly readable, what operation on them makes them so?)

I have a feeling that in the POST HTTP header one may need to add an ACL header, which could point to some ACL restrictions for the resource to be created.

> 
> Or concretely: what triples are PUT where?
> 
> 	Andy
> 
> 

Social Web Architect
http://bblfish.net/



Received on Wednesday, 14 November 2012 11:27:41 UTC
