Re: Access Control Charter

On 27 April 2014 17:50, cr <_@whats-your.name> wrote:

> some people like to write text on mailing lists, others code..
>
> https://github.com/linkeddata/ldphp/blob/master/www/inc/class/WAC.php
>
> am curious what constitutes the "essence" of WAC and what is
> implementation-specific.
>
> "going recursive" up parent paths.. we well know URIs in RDF are opaque
> yet URIs have a hierarchical-part and those might be mapped to POSIX paths
> - where ldphp may have exited on an explicit allow, POSIX might have denied
> a similar situation due to a mode 700 several parents up.
>
> there's the nod to "root" with the "domain owner"..
>
> LDP Containers and container-level permissions could be an optimization to
> avoid running 50*3 SPARQL queries, providing all 50 resources are within a
> container.. chances are any container-hierarchical-permission-inheritance
> stuff is defined in WAC at a LDP level and not POSIX dir level anyways..
>

Very good points ...

So according to timbl's webize note [1]

unix file system -> ACL'd r/w linked data
<http://www.w3.org/DesignIssues/CloiudStorage.html>

With the typical user, group, owner actors having read, write, execute
permissions (tho we have the very useful append too)

Most people forget about the 4th dimension of POSIX which is the
setuid, setgid, sticky bit permissions

http://en.wikipedia.org/wiki/Setuid

I don't use these much but I think they are about executing "as" a user or
group.  So maybe this could be some kind of solution to delegated access /
secretaries.

Might be a good time to refresh where we are on this issue, and collect
implementations.  I'll be happy to update the wiki, if so ...

[1] http://www.w3.org/DesignIssues/Webize.html


>
> any other implementations to look at? Stample's Scala is going to take a
> bit for me to get me head around its wizard-levels of abstraction
>
>

Received on Sunday, 27 April 2014 16:25:18 UTC
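
Added example (not part of the original message, and not ldphp's or any other project's code): a small Python model of the divergence raised in the quoted text, where a walk up parent paths exits on an explicit allow while a POSIX-style traversal denies the same request because of a mode 700 directory several parents up. The tree, the ACL table and all function names are constructed for illustration; group bits are ignored.

```python
import posixpath

# Constructed sample tree: path -> (owner, mode). Group bits are ignored
# to keep the model small (assumption: a requester is owner or "other").
NODES = {
    "/": ("root", 0o755),
    "/home": ("root", 0o755),
    "/home/alice": ("alice", 0o700),
    "/home/alice/pub": ("alice", 0o755),
    "/home/alice/pub/note.ttl": ("alice", 0o644),
}

# Constructed ACLs: path -> {agent: set of modes}. WAC-like in spirit only.
ACLS = {
    "/home/alice": {"alice": {"Read", "Write"}},
    "/home/alice/pub": {"bob": {"Read"}},
}

def ancestors(path):
    """Yield path, then each parent, ending at '/'."""
    while True:
        yield path
        if path == "/":
            return
        path = posixpath.dirname(path)

def acl_walk_up(path, agent, mode, acls=ACLS):
    """Walk from the resource towards the root; exit on the first explicit allow."""
    for p in ancestors(path):
        if mode in acls.get(p, {}).get(agent, set()):
            return True, p          # decided here, parents above are never consulted
    return False, None              # no allow found anywhere: default deny

def posix_check(path, user, want=0o4, nodes=NODES):
    """POSIX-style: search (x) on every ancestor directory, then `want` on the target."""
    def bits(p):
        owner, m = nodes[p]
        return (m >> 6) & 7 if user == owner else m & 7
    # Traverse top-down, as path resolution does.
    for p in reversed(list(ancestors(posixpath.dirname(path)))):
        if not bits(p) & 0o1:
            return False, p         # blocked at this directory
    return bool(bits(path) & want), path

if __name__ == "__main__":
    target = "/home/alice/pub/note.ttl"
    for who in ("alice", "bob", "carol"):
        print(who, acl_walk_up(target, who, "Read"), posix_check(target, who))
```

Each function returns the decision together with the path that decided it, which is the useful thing to compare when auditing how an implementation maps URI hierarchy onto permission inheritance.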