
Re: LDP with Access Control, or future LDPS(ecure)?

From: Henry Story <henry.story@bblfish.net>
Date: Wed, 14 Nov 2012 14:41:23 +0100
Cc: public-ldp-wg@w3.org
Message-Id: <43182062-BB0F-4676-85F9-7157ADEFD26D@bblfish.net>
To: ashok.malhotra@oracle.com

On 14 Nov 2012, at 14:18, Ashok Malhotra <ashok.malhotra@oracle.com> wrote:

> Hi Andy:
> There are a bunch of cases like this.  For example, take personnel records.
> These are typically restricted to HR folks but you can always see your own records.
> Need to think some more about where to draw the line between access control
> and LDP functionality.

Why is this problematic? Can you not just use the following rule to do what
you want?

@prefix wac: <http://www.w3.org/ns/auth/acl#> .

[] wac:accessToClass [ wac:regex "https://oracle.com/u/.*" ]; 
   wac:mode wac:Read, wac:Write, wac:Control; 
   wac:agentClass <https://oracle.com/g/team/admin#it> .

[] wac:accessToClass [ wac:regex "https://oracle.com/u/123123/.*" ]; 
   wac:mode wac:Read; 
   wac:agent <https://oracle.com/u/123123#i> .

The wac:regex relation does not exist. One should probably use POWDER, but I wanted
to implement something really simple to test this out. It just took a couple of
days to write and test:


How to specify regular expressions in WAC would be nice, and would be a topic for
discussion for the Access Control Teleconf.


It would be useful to work out what the problem is so I can add it to ACTION-28.

> All the best, Ashok
> On 11/14/2012 3:04 AM, Andy Seaborne wrote:
>> On 12/11/12 20:48, Henry Story wrote:
>>> Luckily Access Control is orthogonal to LDP
>> I hope that's true but I don't see why it must be so.
>> The LDP spec covers operations on resources and containers and does not mention access control.
>> Use case: I create bugReportSecurity57 about a security issue.  I want it restricted because the information contained allows an attacker to exploit the security hole.  Bug reports are normally publicly readable.
>> What is the operation flow to create a secure bug report if normally bug reports are publicly readable?  (if they are not by default publicly readable, what operation on them makes them so?)
>> Or concretely: what triples are PUT where?
>>    Andy

Social Web Architect

Received on Wednesday, 14 November 2012 13:41:57 UTC
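
The two rules in the message above, evaluated as a default-deny check. This is an added example, not part of the original message and not the implementation it mentions: wac:regex is the message's own non-standard property, and the group membership, the admin WebID and the whole-URL match semantics are assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    pattern: str              # value of the message's hypothetical wac:regex
    modes: frozenset          # wac:mode values, with the wac: prefix dropped
    agent: str = None         # wac:agent
    agent_class: str = None   # wac:agentClass

ADMIN = "https://oracle.com/g/team/admin#it"
RULES = [
    Rule("https://oracle.com/u/.*",
         frozenset({"Read", "Write", "Control"}), agent_class=ADMIN),
    Rule("https://oracle.com/u/123123/.*",
         frozenset({"Read"}), agent="https://oracle.com/u/123123#i"),
]
# Constructed sample data: one member of the admin group.
GROUPS = {ADMIN: {"https://oracle.com/u/900001#i"}}

def allowed(agent, mode, resource, rules=RULES, groups=GROUPS):
    """Default deny: grant only if one rule matches resource, agent and mode."""
    for r in rules:
        # Assumption: the regex must match the whole URL. re.search would
        # accept the pattern appearing anywhere, e.g. inside a query string.
        if not re.fullmatch(r.pattern, resource):
            continue
        is_agent = r.agent is not None and r.agent == agent
        in_class = (r.agent_class is not None
                    and agent in groups.get(r.agent_class, ()))
        if (is_agent or in_class) and mode in r.modes:
            return True
    return False

def literal_prefix(prefix):
    """Pattern for 'everything under prefix' with the prefix taken literally.
    In the rules as written, '.' in 'oracle.com' matches any character."""
    return re.escape(prefix) + ".*"

if __name__ == "__main__":
    me = "https://oracle.com/u/123123#i"
    print(allowed(me, "Read", "https://oracle.com/u/123123/record"))   # own record
    print(allowed(me, "Write", "https://oracle.com/u/123123/record"))  # read only
    print(allowed(me, "Read", "https://oracle.com/u/456456/record"))   # other user
```

The trailing slash in the second rule is what keeps https://oracle.com/u/1231234/ out of user 123123's grant; building patterns with literal_prefix also stops the unescaped dots from matching look-alike hosts.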
