- From: Ruben Verborgh <ruben.verborgh@ugent.be>
- Date: Sun, 18 Nov 2012 18:59:44 +0100
- To: mike amundsen <mamund@yahoo.com>
- Cc: nathan@webr3.org, Read-Write-Web <public-rww@w3.org>
> i *always* (as far back as i can remember) secure the interface (resources > on the server) via the URL. I secure by resource: hasAccess(resource, method, identity) = true/false Of course, you can say that, since a resource is identified by a URL, this can equally be hasAccess(URL, method, identity) = true/false But this is because the URI uniquely identifies a resource. In the proposed method, using a regex, the method would actually work on a whole set of URIs: hasAccess(URLpattern, method, identity) = true/false In this solution, you're not identifying a resource. Thereby, you're restricting the URIs your resources can have (or the permissions a resource with a certain URI pattern can have). Ruben
Received on Sunday, 18 November 2012 18:00:28 UTC