[OTDev] Policy creation
Andreas Maunz andreas at maunz.de
Tue Jun 22 11:28:52 CEST 2010
- Previous message: [OTDev] AA Update
- Next message: [OTDev] Policy creation
Dear webservice developers,

we (IST) discussed several strategies to create policies, and I would like to summarize them roughly and also discuss them with you:

Ownership:
- We try to keep the analogy to file systems. In a (modern) file system, every file has an owner. In our service, a policy is created using a token. The token belongs to a user, and, in analogy to file systems, this user is registered as the owner of all URIs that appear in the policy.
- In line with file systems, the owner has no obligation to grant himself access to the respective resources, but retains the right to do so at any time. Moreover, he has full control over all his resources, including the possibility to deny any access. What is missing yet is the possibility to transfer ownership to another user.

Creation and deletion:
- Webservice developers are encouraged to tie resources and policies together as closely as possible in order to avoid "orphans", i.e. resources or policies that have no matching policy or resource, respectively. This is a design task, but could in the future also be more soundly tackled by a technology that attaches policies more directly to a resource.

Default policies:
- We follow a strategy (in analogy to file systems) to create policies giving the owner full access to the resources by default. Conversely, all other users are granted read access only by default. Importantly, this may be overridden already on creation of a resource. What read and full access mean in terms of GET, POST, PUT, DELETE is, however, not clear a priori.

Best regards
Andreas
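The ownership, default-policy and orphan rules from the message above, modelled as an added example that is not part of the original post and not the project's code. The class and method names, the sample tokens and URIs, and the mapping of "read" to GET and "full" to all four verbs are assumptions; the message leaves that mapping open.

```python
from dataclasses import dataclass, field

# Assumption: one possible verb mapping; the message does not fix it.
READ = frozenset({"GET"})
FULL = frozenset({"GET", "POST", "PUT", "DELETE"})


@dataclass
class Policy:
    owner: str
    uris: frozenset
    grants: dict = field(default_factory=dict)  # user -> allowed verbs
    others: frozenset = READ                    # verbs for everyone else


class PolicyStore:
    """Hypothetical in-memory policy service, for illustration only."""

    def __init__(self, tokens):
        self.tokens = tokens    # token -> user (constructed sample data)
        self.policies = []

    def create(self, token, uris, owner_verbs=FULL, others=READ):
        """The token's user becomes owner of every URI in the policy.
        Defaults: owner full access, others read; both can be overridden."""
        owner = self.tokens[token]
        policy = Policy(owner, frozenset(uris),
                        {owner: frozenset(owner_verbs)}, frozenset(others))
        self.policies.append(policy)
        return policy

    def set_grant(self, token, policy, user, verbs):
        """Only the owner may change grants, including his own."""
        if self.tokens[token] != policy.owner:
            raise PermissionError("only the owner may edit a policy")
        policy.grants[user] = frozenset(verbs)

    def allowed(self, user, verb, uri):
        """Deny unless a policy covering the URI permits the verb."""
        return any(verb in p.grants.get(user, p.others)
                   for p in self.policies if uri in p.uris)

    def orphans(self, live_uris):
        """Return (resources without a policy, policy URIs without a resource)."""
        covered = set().union(*(p.uris for p in self.policies))
        return set(live_uris) - covered, covered - set(live_uris)
```

Running `orphans()` against the service's list of live resources after every create and delete is one way to check that the two stay tied together.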