[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [regrep] Folder proposal overview
+1 on leveraging XACML and minimal change to spec___________________________
<quote who="Farrukh Najmi">
<from meeting note 5/13/04>
Folder idea (carry over from F2F). Farrukh not present. Duane’s concern
that it could violate the MVC and bring registry into UI.
</from meeting note 5/13/04>
I had explained this at the New Orleans f2f that everything I propose is
part of Information Model (the M in MVC). There is no violation of MVC
by introducing view into the specs.
We are defining a registry and a repository. All repositories support a
notion of files and folders as part of their model to facilitate
structural organization of content (see nt:file and nt:folder in JSR 170
for example). This has nothing to do with views (how the structure is
displayed).
No let us go back to the motivation of why I am proposing this
enhancement in historical retrospective perspective...
In version 2.5 we added an HTTP interface that allowed all
RegistryObjects and RepositoryItems to be accessible via a URL based
upon its id. The problem was that the URL was meaningless to the
submitter (kind of like a KAVI URL).
So next we introduced post 2.5 and approved the "User defined URL"
feature. This feature augmented the HTTP interface by allowing a
submitter to optionally provide one or more user defined URLs that were
meaningful to the user. This was a major improvement.
However we still have an issue that user-defined URLs have no access
control. Anyone can assign any (potentially misleading) URL to objects
they own. For example lets us say Duane is using the following URLs
prefix for all hist objects:
..../userData/duane/....
Now along comes Farrukh and submits some false information allegedly
pertaining to Duane under the URL:
..../userData/duane/companyInfo/aboutDuanesCompany.html
There is absolutely nothing that Duane can do since I published that URL
on *MY* object. But the damage is done to Duane's stellar reputation.
The File/Folder metaphor proposal augments the user-defined URLto allow
Duane to protect his stellar reputation.
The Registry has a userData folder as root of all userData. The folders
access control allows anyone to create files and folders in it. Duane
creates a folder named "duane" under it and sets its access control to
only allow Duane and possible his dear wife and some choice friends to
create files and folders under it. I simply will not be able to write my
slanderous files under Duane's folder. Dang! ;-)
How would this work? Quite simple really. We use some of our existing
"few good primitives" and put them to work for this use case as follows...
To create a Folder one creates a RegistryPackage.
To assign access control to a folder access control one uses "reference
access control" using XACML ACP that we already support. See a couple of
examples attached. The examples have comments explaining things.
To create a file within a folder one simply creates a RegistryObject
(which could be a RegistryPackage / folder) and adds it as a member of
the RegistryPackage for the folder. The file can have its own ACP. This
is just like Unix file system permissions which is a tried and trusted
model. BTW Unix filesystem is not violating MVC - is it?
Finally, note that we do not have to introduce any new "Folder" or
"File" type in RIM. In fact we do not have to change RIM at all!
In summary, with little effort we provide a valuable enhancement to our
repository feature.
Does this explaination address some of the concerns and clear some
misunderstandings?
PS: My apologies for missing yesterday's meeting. My best friend's epic
2 month long wedding party had another significant event.
--
Regards,
Farrukh
To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/regrep/members/leave_workgroup.php.
--
Carl Mattocks
co-Chair OASIS (ISO/TS 15000) ebXMLRegistry Semantic Content SC
co-Chair OASIS Business Centric Methodology TC
CEO CHECKMi
v/f (usa) 908 322 8715
www.CHECKMi.com
Semantically Smart Compendiums
(AOL) IM CarlCHECKMi
To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/regrep/members/leave_workgroup.php.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]