Re: Access Control Requirements

On 4/15/13 12:40 PM, Wilde, Erik wrote:
> hello all.
>
> On 2013-04-15 1:47 , "Andy Seaborne"<andy.seaborne@epimorphics.com>  wrote:
>> On 14/04/13 11:24, Ashok Malhotra wrote:
>>> Access Control will be provided by the storage mechanism and not the LDP
>>> server itself.
>> Why the storage? I would have thought that the use of service level
>> access control would be common.
>>> The access control mechanism isn't in the purview of the LDP standard,
>> Agreed
> i also absolutely agree that LDP is not about defining any access control
> mechanism. but we have to make sure that we fit in with existing
> REST-oriented mechanisms, such as XACML. simply put: if i POST a resource
> with a triple that carries a SSN, i want to be able to use XACML to manage
> access policies for this information, so that XACML can be used to control
> access to that resource.
Yes, and there will be others that want to use other ACL mechanisms [1].

We have to make sure it leverages existing Web Architecture, which (to
me) goes beyond REST without breaking RESTful interaction requirements.


Links:

1. http://www.w3.org/wiki/WebAccessControl -- Web Access Controls
2. http://www.w3.org/wiki/WebAccessControl -- Cloud Storage
3. http://kingsley.idehen.net/DAV/home/kidehen/Public/ -- Example of 1&2
in action i.e., access is controlled using fine-grained ACLs that
leverage RDF based Linked Data.

-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Monday, 15 April 2013 18:34:00 UTC