W3C home > Mailing lists > Public > public-rww@w3.org > November 2012

Re: [WAC] regexps in WebAccessControl

From: Ruben Verborgh <ruben.verborgh@ugent.be>
Date: Sun, 18 Nov 2012 18:59:44 +0100
Message-ID: <20121118185944.Horde.eNuwYkisJlFQqSIQxQFihTA@mail.elis.ugent.be>
To: mike amundsen <mamund@yahoo.com>
Cc: nathan@webr3.org, Read-Write-Web <public-rww@w3.org>
> i *always* (as far back as i can remember) secure the interface (resources
> on the server) via the URL.

I secure by resource:

   hasAccess(resource, method, identity) = true/false

Of course, you can say that, since a resource is identified by a URL,  
this can equally be

   hasAccess(URL, method, identity) = true/false

But this is because the URI uniquely identifies a resource.

In the proposed method, using a regex, the method would actually work  
on a whole set of URIs:

   hasAccess(URLpattern, method, identity) = true/false

In this solution, you're not identifying a resource.
Thereby, you're restricting the URIs your resources can have (or the  
permissions a resource with a certain URI pattern can have).

Ruben
Received on Sunday, 18 November 2012 18:00:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 18 November 2012 18:00:28 GMT