[OTDev] List of all resources and authentication
chung chvng at mail.ntua.grFri Jun 18 12:09:05 CEST 2010
- Previous message: [OTDev] List of all resources and authentication
- Next message: [OTDev] List of all resources and authentication
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello Nina, I think it would be both more efficient for the server (because it would provide shorter representations) and for the client (to be able to view only the resources to which it has access) if the services return only a URI list of resources at which the client has access. Otherwise the services would have to return very long lists of URIs or even RDF documents. However if we decide to return the complete list I think it would be good practice if clients requested only URI lists and not RDFs for the sake of shorter representations. Recall that RDF representations contain all information about the underlying resources, for example if you ask for an RDF/XML representation of all model you can see every model's independent and dependent variables etc. Best regards, Pantelis -------------------------------------------------- New Book: Teach yourself C in 45 years, Volume I. Special offers for life prisoners ;) On Fri, 2010-06-18 at 12:36 +0300, Nina Jeliazkova wrote: > Hi, > > Good question. The easiest workaround would be to return URIs of all > resources, regardless of the ownership/policy - if the user wants to > retrieve representation of the particular resource, then the > authorisation applies. This will not break protection of confidential > resources, since the client will get only links, not resources > themselves. And this is how typical web page works as well - you can > see the links, but accessing the links might require AA. > > In fact, retrieving list of resources should rely on the policy for the > top level resource (e.g. /model ) , which might have GET allowed for > everybody. > > Best regards, > Nina > > chung wrote: > > Hi All, > > If a user needs a list of all models or datasets (either a URI list or > > an RDF document) is the service supposed to return only his resources > > neglecting all other or list all resources to which the user has access? > > > > In the first case I guess some identifier for the user has to be saved > > in the database (e.g. bob at opentox.org). Checking all resources in the > > database for authorization one by one I think is out of the question for > > this would be a bottleneck. Maybe it is worth think about how can the > > client obtain a list of all resources it can access which of course > > might have been created by other users. > > > > Best regards, > > Pantelis > > > > _______________________________________________ > > Development mailing list > > Development at opentox.org > > http://www.opentox.org/mailman/listinfo/development > > > > _______________________________________________ > Development mailing list > Development at opentox.org > http://www.opentox.org/mailman/listinfo/development >
- Previous message: [OTDev] List of all resources and authentication
- Next message: [OTDev] List of all resources and authentication
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Development mailing list