Re: Access Control Charter

Hi,

On Sun, Apr 27, 2014 at 11:50 AM, cr <_@whats-your.name> wrote:

> some people like to write text on mailing lists, others code..
>
> https://github.com/linkeddata/ldphp/blob/master/www/inc/class/WAC.php
>
> am curious what constitutes the "essence" of WAC and what is
> implementation-specific.
>
> "going recursive" up parent paths.. we well know URIs in RDF are opaque
> yet URIs have a hierarchical-part and those might be mapped to POSIX paths
> - where ldphp may have exited on an explicit allow, POSIX might have denied
> a similar situation due to a mode 700 several parents up.
>
> there's the nod to "root" with the "domain owner"..
>
> LDP Containers and container-level permissions could be an optimization to
> avoid running 50*3 SPARQL queries, providing all 50 resources are within a
> container.. chances are any container-hierarchical-permission-inheritance
> stuff is defined in WAC at a LDP level and not POSIX dir level anyways..
>

The reason we decided to have ACL policies for each resource was that
people may want to override more "general" rules which are defined at the
container level through the "defaultForNew" relation. For instance, you can
have a workspace in which you want to allow Web apps to write their own
ACLs.

Although the general intuition is that URI paths usually follow the paths
on the disk (maybe), that is not how Web URIs work. For instance, with LDP
you can have member resources and containers that are on different servers,
so in that case you *need* to define and respect the ACL policies set at
the resource level.

-- Andrei


>
> any other implementations to look at? Stample's Scala is going to take a
> bit for me to get me head around its wizard-levels of abstraction
>
>

Received on Sunday, 27 April 2014 16:43:34 UTC
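
The contrast discussed in this thread, resource-level ACLs that override container defaults versus a POSIX-style walk where a closed parent denies access, as an added example that is not code from ldphp or from either poster. The policy table, the agent names, the rule that a resource's own ACL replaces the inherited one, and the use of Read as the traversal right are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Constructed sample policies (not from ldphp). "acl" governs the resource
# itself; "default_for_new" is what a container hands to members that have
# no ACL of their own, modelled on the defaultForNew relation.
OWNER = {"alice": {"Read", "Write"}}
POLICIES = {
    "https://example.org/": {"acl": OWNER, "default_for_new": OWNER},
    # Owner-only container, the analogue of a mode 700 directory.
    "https://example.org/private/": {"acl": OWNER, "default_for_new": OWNER},
    # Explicit allow on one member, overriding the container default.
    "https://example.org/private/notes/shared.ttl": {"acl": {"bob": {"Read"}}},
}


def ancestors(uri):
    """Yield parent container URIs, nearest first, from the path hierarchy."""
    parts = urlsplit(uri)
    path = parts.path.rstrip("/")
    while path:
        path = path.rsplit("/", 1)[0]
        yield f"{parts.scheme}://{parts.netloc}{path}/"


def resource_first(uri, agent, mode):
    """The resource's own ACL decides; else the nearest container default."""
    own = POLICIES.get(uri, {}).get("acl")
    if own is not None:
        return mode in own.get(agent, set())
    for parent in ancestors(uri):
        inherited = POLICIES.get(parent, {}).get("default_for_new")
        if inherited is not None:
            return mode in inherited.get(agent, set())
    return False  # no policy found anywhere: deny


def posix_like(uri, agent, mode):
    """Every ancestor must grant Read (traversal) before the leaf counts."""
    for parent in ancestors(uri):
        if not resource_first(parent, agent, "Read"):
            return False
    return resource_first(uri, agent, mode)


if __name__ == "__main__":
    shared = "https://example.org/private/notes/shared.ttl"
    for check in (resource_first, posix_like):
        print(check.__name__, "bob Read ->", check(shared, "bob", "Read"))
```

The two checks disagree on bob reading shared.ttl: the resource-first lookup stops at the explicit allow, while the POSIX-like walk is denied by the owner-only container above it.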