- From: Andy Seaborne <andy.seaborne@epimorphics.com>
- Date: Wed, 14 Nov 2012 16:17:29 +0000
- To: public-ldp-wg@w3.org
On 14/11/12 13:41, Henry Story wrote:
>
> On 14 Nov 2012, at 14:18, Ashok Malhotra <ashok.malhotra@oracle.com> wrote:
>
>> Hi Andy:
>> There are a bunch of cases like this. For example, take personnel records.
>> These are typically restricted to HR folks but you can always see your own records.
>> Need to think some more about where to draw the line between access control
>> and LDP functionality

Yes. We can make this too complicated and ambitious for v1.

> Why is this problematic? Can you not just use the following rule to do what
> you want?
>
> @prefix wac: <http://www.w3.org/ns/auth/acl#> .
>
> [] wac:accessToClass [ wac:regex "https://oracle.com/u/.*" ];
>    wac:mode wac:Read, wac:Write, wac:Control;
>    wac:agentClass <https://oracle.com/g/team/admin#it> .
>
> [] wac:accessToClass [ wac:regex "https://oracle.com/u/123123/.*" ];
>    wac:mode wac:Read;
>    wac:agent <https://oracle.com/u/123123#i> .

To make it interesting:

Suppose all bugs are "/bugs/NNNN" and it is the data that declares it to be a security issue.

## Somewhere ...
:SecurityProblem rdfs:subClassOf :Bug .

PUT/POST
--
</bug/155> a :SecurityProblem ;
    ....
--

i.e. access control depends on the data, not only the access name.

This may result in a different URI allocated so later access control works by regex, but at least it's on creation.

And what happens if you PUT to an LDPR that changes its designation?

Andy

>
> the wac:regex relation does not exist. One should probably use powder, but I wanted
> to implement something really simple to test this out. It just took a couple of
> days to write and test:
>
> https://github.com/read-write-web/rww-play/blob/master/app/test/WebACLTestSuite.scala#L147
>
> How to specify regular expressions in WAC would be nice, and would be a topic for
> discussion for the Access Control Teleconf
>
> http://lists.w3.org/Archives/Public/public-ldp-wg/2012Nov/0156.html
>
> It would be useful to work out what the problem is so I can add it to ACTION-28

Access control may depend on data (from create/change time).

Andy

>
>> All the best, Ashok
>>
>> On 11/14/2012 3:04 AM, Andy Seaborne wrote:
>>>
>>>
>>> On 12/11/12 20:48, Henry Story wrote:
>>>> Luckily Access Control is orthogonal to LDP
>>>
>>> I hope that's true but I don't see why it must be so.
>>>
>>> The LDP spec covers operations on resources and containers and does not mention access control.
>>>
>>> Use case: I create bugReportSecurity57 about a security issue. I want it restricted because the information contained allows an attacker to exploit the security hole. Bug reports are normally publicly readable.
>>>
>>> What is the operation flow to create a secure bug report if normally bug reports are publicly readable? (if they are not by default publicly readable, what operation on them makes them so?)
>>>
>>> Or concretely: what triples are PUT where?
>>>
>>> Andy
>>>
>>>
>
> Social Web Architect
> http://bblfish.net/
>
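The two cases in this thread (Andy's: the data, not the URI, makes /bug/155 a security problem, and a later PUT may change that designation; Ashok's: you can always see your own records) can be checked together in a small model. The following is an added example and is not code from the thread, the LDP WG, WebAccessControl or rww-play. As Henry notes, wac:regex does not exist, so the URI rule is modelled with an ordinary Python regex; the `:reporter` predicate, the `security-team` group, the agent URIs and every triple are constructed for the illustration.

```python
"""Data-dependent access control over LDP-style bug resources (constructed example)."""
import re
from dataclasses import dataclass

RDF_TYPE, RDFS_SUBCLASS_OF = "rdf:type", "rdfs:subClassOf"
SECURITY_PROBLEM = ":SecurityProblem"
REPORTER = ":reporter"        # constructed predicate: who filed the bug
ANYONE = "*"                  # rule agent: everyone
SELF_REPORTER = "@reporter"   # rule agent: whoever the resource's :reporter names
SEC_TEAM = "security-team"    # constructed group name
# Constructed schema, mirroring the "Somewhere ..." triple in the mail.
SCHEMA = {(SECURITY_PROBLEM, RDFS_SUBCLASS_OF, ":Bug")}


@dataclass(frozen=True)
class Rule:
    path: str                  # regex the resource URI must match in full
    modes: frozenset           # subset of {"Read", "Write", "Control"}
    agent: str                 # agent URI, group name, ANYONE or SELF_REPORTER
    excludes_type: str = None  # rule is void if the resource carries this rdf:type


def types_of(triples, uri):
    """rdf:type values of `uri` in `triples`, closed over rdfs:subClassOf in SCHEMA."""
    types = {o for s, p, o in triples if s == uri and p == RDF_TYPE}
    todo = list(types)
    while todo:
        t = todo.pop()
        for s, p, o in SCHEMA:
            if s == t and p == RDFS_SUBCLASS_OF and o not in types:
                types.add(o)
                todo.append(o)
    return types


class BugStore:
    def __init__(self, rules, groups):
        self.rules, self.groups = rules, groups  # groups: name -> set of agent URIs
        self.resources = {}                      # uri -> set of (s, p, o) triples

    def _agent_matches(self, rule, agent, uri, triples):
        if rule.agent == SELF_REPORTER:          # the data names the agent
            return (uri, REPORTER, agent) in triples
        if rule.agent in self.groups:
            return agent in self.groups[rule.agent]
        return rule.agent in (ANYONE, agent)

    def allowed(self, agent, uri, mode, triples=None):
        """Evaluate the rules against one state of `uri` (default: the stored one)."""
        if triples is None:
            triples = self.resources.get(uri, set())
        types = types_of(triples, uri)
        return any(
            mode in rule.modes and re.fullmatch(rule.path, uri)
            and rule.excludes_type not in types   # the data-dependent condition
            and self._agent_matches(rule, agent, uri, triples)
            for rule in self.rules)

    def put(self, agent, uri, triples):
        """LDP-style PUT; returns True if the resource was (re)written."""
        new, before = set(triples), self.resources.get(uri)
        if before is None:
            # Creation: the request body is the only state there is, so it is checked.
            ok = self.allowed(agent, uri, "Write", new)
        else:
            # Update: Write is needed under the old and the new designation, so a body
            # that names the requester as :reporter cannot grant a Write they lack.
            ok = (self.allowed(agent, uri, "Write", before)
                  and self.allowed(agent, uri, "Write", new))
            # Anyone with Write may tighten; dropping :SecurityProblem needs Control.
            loosens = (SECURITY_PROBLEM in types_of(before, uri)
                       and SECURITY_PROBLEM not in types_of(new, uri))
            if loosens and not self.allowed(agent, uri, "Control", before):
                ok = False
        if ok:
            self.resources[uri] = new
        return ok


RULES = (
    Rule(r"/bugs/\d+", frozenset({"Read"}), ANYONE, excludes_type=SECURITY_PROBLEM),
    Rule(r"/bugs/\d+", frozenset({"Read", "Write"}), SELF_REPORTER),
    Rule(r"/bugs/\d+", frozenset({"Read", "Write", "Control"}), SEC_TEAM),
)
ALICE, BOB, SEC = (f"https://example.org/u/{n}#i" for n in ("alice", "bob", "sec"))


def scenario():
    """Walk the case from the mail; returns the outcome of each step in order."""
    store, bug = BugStore(RULES, {SEC_TEAM: {SEC}}), "/bugs/155"
    secure = {(bug, RDF_TYPE, SECURITY_PROBLEM), (bug, REPORTER, ALICE), (bug, ":summary", "auth bypass")}
    public = {(bug, RDF_TYPE, ":Bug"), (bug, REPORTER, ALICE), (bug, ":summary", "auth bypass")}
    return [
        store.put(ALICE, bug, secure),                 # True: created as a security bug
        store.allowed(BOB, bug, "Read"),               # False: hidden from the public
        store.allowed(ALICE, bug, "Read"),             # True: reporter sees own report
        store.put(ALICE, bug, public),                 # False: reporter cannot declassify
        store.put(BOB, bug, {(bug, REPORTER, BOB)}),   # False: body cannot grant Write
        store.put(SEC, bug, public),                   # True: security team declassifies
        store.allowed(BOB, bug, "Read"),               # True: now publicly readable
        store.put(ALICE, bug, secure),                 # True: reporter may tighten again
        store.allowed(BOB, bug, "Read"),               # False: hidden once more
    ]
```

The design choice answers Andy's last question directly: a PUT that changes the designation is evaluated under both the old and the new state, so the request body can never be used to widen the requester's own access, and the only asymmetric operation is loosening (removing `:SecurityProblem`), which needs Control rather than Write. On creation there is no prior state, so the body is what gets checked, which is Andy's "at least it's on creation" point; note that in this model a rule keyed on the URI alone (the regex) could not express any of this without a second URI scheme for secure bugs.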
Received on Wednesday, 14 November 2012 16:17:58 UTC