Re: [AC] Access Control Algorithm

On Thu, 03 May 2007 03:00:16 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
>> Also, you want this in addition to the current mechanism, right?
>
> See my latest proposal in my previous mail. Rather than having 'exclude'  
> additions to both allow and deny, I think it'd be simpler to have a  
> 'default' rule as well. This rule wouldn't need to exist for the PI,  
> though it might be nice to have it just for consistency, I don't really  
> feel strongly either way.

I missed that. The current mechanism is actually defined in such a way  
that order is not important. I'm not sure what the affect of changing that  
would be. Also, you still need to have allow and exclude for the  
processing instruction so supporting the same logic for the HTTP header  
makes more sense to me. Basically:

    rule ::= type (pattern)+ ("exclude" (pattern)+)?
    type ::= allow | deny


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Thursday, 3 May 2007 08:29:22 UTC