Re: LDP with Access Control, or future LDPS(ecure)?

Hi Andy:
There are a bunch of cases like this.  For example, take personnel records.
These are typically restricted to HR folks but you can always see your own records.
Need to think some more about where to draw the line between access control
and LDP functionality
All the best, Ashok

On 11/14/2012 3:04 AM, Andy Seaborne wrote:
>
>
> On 12/11/12 20:48, Henry Story wrote:
>> Luckily Access Control is orthogonal to LDP
>
> I hope that's true but I don't see why it must be so.
>
> The LDP spec covers operations on resources and containers and does not mention access control.
>
> Use case: I create bugReportSecurity57 about a security issue.  I want it restricted because the information contained allows an attacker to exploit the security hole.  Bug reports are normally publicly readable.
>
> What is the operation flow to create a secure bug report if normally bug reports are publicly readable?  (if they are not by default publicly readable, what operation on them makes them so?)
>
> Or concretely: what triples are PUT where?
>
>     Andy
>
>

Received on Wednesday, 14 November 2012 13:18:50 UTC