- From: Nathan <nathan@webr3.org>
- Date: Mon, 19 Nov 2012 10:53:51 +0000
- To: Read-Write-Web <public-rww@w3.org>
Henry Story wrote: > It is often useful to be able to specify that all resources in a > collection ( a directory ) or a whole namespace (say all resources > under /user/jack/.* have read-write-execute access by joe . ... > It is also useful to be able to specify groups of users in general this > way, so for example one may want to specify that all employees of Oracle > have read access to a resource by doing a regexpression on WebIDs. Perhaps > like this https://oracle.com/ppl/[^/]* ... > For WebID testing it would be useful to have the group of all people > who have authenticated with a WebID. The wiki has it as a discussion point > to have a class wac:WebIDAgent [4] but I think regexpressions solve this > much better, since it does not require all verification code to have a special > case for WebID Authenticated agents: > > 1. Does this make sense? Almost. > 2. Is the modelling ok? IMHO, no. There is no relation between http://example.org/directory/ and http://example.org/directory/file-a, all we have are two URIs, let's call them <x> and <y>. If <x> is a directory, or a collection, or a container, or references <y>, or any other resource, then we should publish those relations as RDF. Then, the relation is no longer hidden, it's visible. If it's visible, we can use it in WebACL. Taking the regexp approach, whilst neat, relies on using out of band information that's hidden behind the uniform interface - that there is some magical relation between <x> and <y> that nobody knows or can see. SOIC, LDP, and many others have taken the approach of exposing relations between resources, collection membership, this is the linked data way, WebACL is for the web, and for linked data. If you know there is a relation between <https://oracle.com/ppl/> and <https://oracle.com/ppl/bob>, assert that relation in RDF, and if you want to give access to all the people <https://oracle.com/ppl/> refers to, then create a quick class using a restriction and give access to them. This is a far more webby way to do things, and means that any URI can be added to the collection, and thus granted access, rather than just those which match a particular lexical form. Hope that makes sense, Best, Nathan ps: still kudos the regexp approach is nice and neat.
Received on Monday, 19 November 2012 10:54:51 UTC