Re: [WAC] regexps in WebAccessControl

On 18 Nov 2012, at 15:58, Ruben Verborgh <ruben.verborgh@ugent.be> wrote:

>> It is often useful to be able to specify that all resources in a 
>> collection ( a directory ) or a whole namespace (say all resources
>> under /user/jack/.*
> 
> This couples your access control to your URI structure. I’m not sure you want to do that.

It does not force you to do that, it allows you to do it. In many cases it is perfectly
legitimate to do that, and in fact one very popular interpretation of REST people
think that nice readable URIs is a good thing. I think you'll find that in many
web apps such namespace hierarchies are what web server's do naturally. In fact just
think of Apaches ~name hierarchy as a clear example.

You can use both together. Your ACL document could say:

  []  wac:accessToClass [ wac:regex "http://joe.example/blog/.*" ];
      wac:accessTo <http://joe.example/feed>
      wac:agentClass foaf:Agent;
      wac:mode wac:Read .

Of course you don't need regex's at all. See all the examples on
   http://www.w3.org/wiki/WebAccessControl
for examples of that.

For large sites and Apache web servers on the other hand 
it could make things a lot more efficient though.

Ah don't forget that you can also have one ACL file link to other ACL
files to include them.

Henry



> 
> Ruben

Social Web Architect
http://bblfish.net/

Received on Sunday, 18 November 2012 19:51:26 UTC