- From: Karol Szczepański <karol.szczepanski@gmail.com>
- Date: Thu, 29 Oct 2015 20:46:21 +0100
- To: "Ryan Shaw" <ryanshaw@unc.edu>, <public-hydra@w3.org>
Hi Ryan,

I had similar concerns with my implementations. In the final version we decided to filter the API documentation to the currently authenticated user's privileges without exposing the privileges themselves. This would mean that on each API documentation request an Authorization header was checked and, depending on what the given user could do, we gave a trimmed API documentation. Still, if something goes wrong your server would return 401 Unauthorized. I think a similar approach could be taken with in-body hypermedia controls.

Best,
Karol

Received on Thursday, 29 October 2015 19:46:28 UTC
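
The filtering described in the message above, sketched as an added example (not code from the original post or from any Hydra implementation): the server trims a Hydra `ApiDocumentation` to the caller's privileges and never serializes the privilege names. The token table, the permission names, the internal `operation_id` handle and the treatment of requests without credentials as anonymous are assumptions made for illustration.

```python
# Constructed sample data: a minimal Hydra ApiDocumentation.
# "operation_id" is a hypothetical internal handle, stripped before serving.
API_DOC = {
    "@context": "http://www.w3.org/ns/hydra/context.jsonld",
    "@type": "ApiDocumentation",
    "supportedClass": [
        {"@id": "vocab:Issue", "@type": "Class", "supportedOperation": [
            {"method": "GET", "operation_id": "issue.read"},
            {"method": "PUT", "operation_id": "issue.write"},
            {"method": "DELETE", "operation_id": "issue.delete"}]},
        {"@id": "vocab:AuditLog", "@type": "Class", "supportedOperation": [
            {"method": "GET", "operation_id": "audit.read"}]},
    ],
}
# Server-side only, never serialized: permission needed per operation (None = public).
REQUIRED = {"issue.read": None, "issue.write": "editor",
            "issue.delete": "admin", "audit.read": "admin"}
DENY = object()  # unmapped operations fail closed: no caller ever holds this
TOKENS = {"tok-editor": {"editor"}, "tok-admin": {"editor", "admin"}}  # constructed


def permissions_for(headers):
    """Permission set for the caller; None if credentials are present but invalid."""
    auth = headers.get("Authorization")  # plain dict here; real headers are case-insensitive
    if auth is None:
        return set()  # assumption: no credentials means anonymous, public operations only
    scheme, _, token = auth.partition(" ")
    return TOKENS.get(token) if scheme.lower() == "bearer" else None


def api_documentation(headers):
    """Return (status, response_headers, body) for an API documentation request."""
    perms = permissions_for(headers)
    if perms is None:
        return 401, {"WWW-Authenticate": "Bearer"}, None
    allowed = perms | {None}
    classes = []
    for cls in API_DOC["supportedClass"]:
        ops = [{k: v for k, v in op.items() if k != "operation_id"}
               for op in cls["supportedOperation"]
               if REQUIRED.get(op["operation_id"], DENY) in allowed]
        if ops:  # a class with no permitted operation is omitted entirely
            classes.append({**cls, "supportedOperation": ops})
    # The body differs per caller, so shared caches must not reuse it.
    doc = {**API_DOC, "supportedClass": classes}
    return 200, {"Vary": "Authorization", "Cache-Control": "private"}, doc
```

The trimmed document only controls what is advertised; each operation handler still has to enforce the same `REQUIRED` check when the request arrives.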