Re: Aligning grouping of resources in POWDER and WAF Access Control.

>  From a POWDER perspective therefore, the default position is that 
> example.org matches both www.example.org and example.org. What this 
> discussion has made me realise is that we need to be explicit in our 
> documentation that it DOES NOT match badexample.org - i.e. a different 
> domain altogether.
> 
> Like WAF, we have an exclude method as well so we can say:
> 
> <wdr:includeHosts>example.org example.com</wdr:includeHosts>
> <wdr:excludeHosts>private.example.org</wdr:excludeHosts>
> 
> (which means everything on example.org and example.com except resources 
> on private.example.org). The assumption being that someone describing a 
> load of content would know what they wanted to leave out.
> 
> So the general approach has been, as ever, that simple things will be 
> simple (we own example.com so that's the scope of this description) but 
> that complex situations can also be handled (you can write a Reg Ex if 
> you need to)

This sounds good to me. With that I would be more happy with saying that 
*.foo.com should match only www.foo.com but not foo.com. That would make 
it intuitive with rules like:

allow <foo.com> exclude <*.foo.com>
and
allow <foo.com> exclude <users.foo.com>

I'm not sure I see much use for the '?' syntax suggested. What 
situations would that help, and are they very common?

> As for Jonas' other point - what else could/should we share. Well, 
> access control is clearly an application of what we're doing, whether 
> that's in terms of licensing or my own area of child protection. I guess 
> it's a question of use cases.

Not sure I follow you here. My question is, are there any concrete parts 
of respective specs that would make sense to share? Other than the URI 
syntax? Could access-control be implemented using POWDER even, and if 
so, what would the resulting syntax be for an author publishing 
shareable documents on his website?

Best Regards
/ Jonas Sicking

Received on Monday, 23 July 2007 08:44:41 UTC