- From: <ashok.malhotra@oracle.com>
- Date: Sat, 26 Apr 2014 19:04:28 -0400
- To: Sandro Hawke <sandro@w3.org>
- Cc: "public-ldp-wg@w3.org" <public-ldp-wg@w3.org>
A query as in your examples selects a collection of resources or triples Sent from my iPhone > On Apr 26, 2014, at 5:47 PM, Sandro Hawke <sandro@w3.org> wrote: > >> On 04/26/2014 11:41 AM, Ashok Malhotra wrote: >> For access control, I was thinking, we need to define two collection resources. >> One, a collection of identities, populated by enumeration or some sort of pattern >> and the other a collection of resources, populated by enumeration or query. >> For access control you connect a collection of the Ids with a collection of resources >> specifying the privileges afforded. The connection could be made by the person >> who manages the server or it could be made by a policy. >> >> Does this make sense? > > It makes sense in general, but I'm not sure about the particulars. What do you mean by collection? Why a collection at all? I'd expect the server to look in some control graph for triples like: > > ?userDoingAccess eg:canRead ?resourceBeingAccessed > > or, to handle slightly more complicated situations: > > ?userDoingAccess rdf:type ?someClassOfUser; > ?someClassOfUser eg:allCanRead ?resourceBeingAccessed > > Maybe there's a need to also connect those triples to Containers so to help with administration, but I'd think enforcement would just be based on the triples themselves. > > -- Sandro >
Received on Saturday, 26 April 2014 23:05:02 UTC