- From: Wilde, Erik <Erik.Wilde@emc.com>
- Date: Mon, 15 Apr 2013 12:40:03 -0400
- To: Andy Seaborne <andy.seaborne@epimorphics.com>, "public-ldp-wg@w3.org" <public-ldp-wg@w3.org>
hello all. On 2013-04-15 1:47 , "Andy Seaborne" <andy.seaborne@epimorphics.com> wrote: >On 14/04/13 11:24, Ashok Malhotra wrote: >> Access Control will be provided by the storage mechanism and not the LDP >> server itself. >Why the storage? I would have through that the use of service level >access control would be common. >> The access control mechanism isn't in the purview of the LDP standard, >Agreed i also absolutely agree that LDP is not about defining any access control mechanism. but we have to make sure that we fit in with existing REST-oriented mechanisms, such as XACML. simply put: if i POST a resource with a triple that carries a SSN, i want to be able to use XACML to manage access policies for this information, so that XACML can be used to control access to that resource. this happens very naturally when things revolve around resource identity, but maybe it would be worth the effort to add an XACML-based example to the deployment guide. this example would tell people how to combine the LDP resource model, and an orthogonal resource-oriented approach such as XACML, to layer access control on top of an LDP service. this will be very relevant for anybody considering LDP for managing information that has security or privacy implications. cheers, dret.
Received on Monday, 15 April 2013 16:40:50 UTC