W3C home > Mailing lists > Public > public-ldp-wg@w3.org > April 2013

Re: Access Control Requirements

From: Wilde, Erik <Erik.Wilde@emc.com>
Date: Mon, 15 Apr 2013 12:40:03 -0400
To: Andy Seaborne <andy.seaborne@epimorphics.com>, "public-ldp-wg@w3.org" <public-ldp-wg@w3.org>
Message-ID: <CD917A04.10BA8%erik.wilde@emc.com>
hello all.

On 2013-04-15 1:47 , "Andy Seaborne" <andy.seaborne@epimorphics.com> wrote:
>On 14/04/13 11:24, Ashok Malhotra wrote:
>> Access Control will be provided by the storage mechanism and not the LDP
>> server itself.
>Why the storage? I would have through that the use of service level
>access control would be common.
>> The access control mechanism isn't in the purview of the LDP standard,
>Agreed

i also absolutely agree that LDP is not about defining any access control
mechanism. but we have to make sure that we fit in with existing
REST-oriented mechanisms, such as XACML. simply put: if i POST a resource
with a triple that carries a SSN, i want to be able to use XACML to manage
access policies for this information, so that XACML can be used to control
access to that resource. this happens very naturally when things revolve
around resource identity, but maybe it would be worth the effort to add an
XACML-based example to the deployment guide. this example would tell
people how to combine the LDP resource model, and an orthogonal
resource-oriented approach such as XACML, to layer access control on top
of an LDP service. this will be very relevant for anybody considering LDP
for managing information that has security or privacy implications.

cheers,

dret.
Received on Monday, 15 April 2013 16:40:50 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:11:46 UTC