Describing resource permissions?


Timothy Perrett

Apr 15, 2013, 11:54:19 AM
to collect...@googlegroups.com
Hey all,

I'm curious, is there any way to describe resource permissions with CJ? That is to say, let's say I want to have a set of ACLs for various resources, and I want some way to indicate that link X requires role "foo" in order to access it. Had a trawl through the archive but couldn't find anything, and was curious to see if anyone had done their own extension etc. to meet such a need.

Thanks, Tim 

Sebastian Edwards

Apr 16, 2013, 12:00:53 AM
to collect...@googlegroups.com
I'm no expert but I believe the idiomatic way to do this would be to not render the link to clients who don't have permission to follow it.

Timothy Perrett

Apr 16, 2013, 12:55:30 AM
to collect...@googlegroups.com
I can totally imagine that being the case, but from a security perspective, one would need something more. Was thinking that I'd like my services to be able to describe the permissions required to traverse the specified link... is this crazy talk?

Cheers, Tim 

mca

Apr 16, 2013, 12:58:24 AM
to collect...@googlegroups.com
tim:

a couple Qs:
1) why are you describing ACLs? is this for some admin UI about controlling resources?
2) who would be the consumer for this description? humans? machines?



Timothy Perrett

Apr 16, 2013, 1:05:51 AM
to collect...@googlegroups.com
Sure thing, thanks for the response :-)

1) Right on, because when you have a large distributed system, you want each component of that system to be able to define its own permissions with the semantics that best make sense for it, and then have some central system read those "ACL sets" to present some UI to an administrator who can define what permissions for what services a particular business class of user should get. That's the thought anyway. 

2) machines (but as a proxy for human interaction)

Perhaps I'm thinking about the problem the wrong way around? 

Thanks

Tim 


mca

Apr 16, 2013, 1:20:31 AM
to collect...@googlegroups.com
ok, i think i understand your idea.

since Cj was created as a representation format, it has no design element dedicated to ACLs. however, there are a number of possible ways to express this metadata about a resource.

for one example, in a Cj representation (e.g. a list of to-do items), you can include a link that points to the ACLs for this resource:

{ "collection" : {
    "href": "...",
    "links": [
      {"rel": "acls", "href": "..."}
    ],
    "items": [...],
    "queries": [...]
  }
}
  
resolving the "acls" href could return the list of ACLs and the representation format could be Cj (or any other format the client prefers).

you could also include a link header to do the same thing. 

does this help?
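
An added example, not part of the original thread or of the Collection+JSON spec: a central tool locates a collection's "acls" link as described above, builds a rel-to-role table from the ACL document, and uses that one table for both link rendering and the per-request server check. The example.test URLs, the "export" and "purge" rels, and the "rel"/"role" data names inside the ACL document are assumptions made for illustration.

```python
import json

# Constructed sample: a to-do collection carrying an "acls" link.
TODO_DOC = json.loads("""
{"collection": {
  "href": "https://api.example.test/todos/",
  "links": [
    {"rel": "acls",   "href": "https://api.example.test/todos/acls"},
    {"rel": "export", "href": "https://api.example.test/todos/export"},
    {"rel": "purge",  "href": "https://api.example.test/todos/purge"}
  ],
  "items": [], "queries": []
}}""")

# Constructed sample standing in for the response from the "acls" href, itself in Cj.
# The "rel" and "role" data names are assumptions, not defined by Collection+JSON.
ACL_DOC = json.loads("""
{"collection": {
  "href": "https://api.example.test/todos/acls",
  "items": [
    {"data": [{"name": "rel", "value": "export"}, {"name": "role", "value": "auditor"}]},
    {"data": [{"name": "rel", "value": "purge"},  {"name": "role", "value": "admin"}]}
  ]
}}""")

def acl_href(doc):
    """Return the href of the collection's rel="acls" link, or None if absent."""
    for link in doc["collection"].get("links", []):
        if link.get("rel") == "acls":
            return link["href"]
    return None

def required_roles(acl_doc):
    """Map each link rel to the set of roles allowed to follow it."""
    table = {}
    for item in acl_doc["collection"].get("items", []):
        fields = {d["name"]: d["value"] for d in item.get("data", [])}
        table.setdefault(fields["rel"], set()).add(fields["role"])
    return table

def is_allowed(rel, roles, table):
    """Server-side check for every request; a rel with no ACL entry is unrestricted here."""
    needed = table.get(rel)
    return needed is None or bool(needed & set(roles))

def visible_links(doc, roles, table):
    """Links to render for this caller: presentation only, not enforcement."""
    return [l for l in doc["collection"].get("links", []) if is_allowed(l["rel"], roles, table)]
```

Leaving a link out of the representation only hides it; `is_allowed` still has to run when the link's target is requested.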
