Re: Access Control for AtomPub

Alistair Miles <alimanfoo@googlemail.com> Thu, 20 January 2011 09:41 UTC

Date: Thu, 20 Jan 2011 09:34:53 +0000
From: Alistair Miles <alimanfoo@googlemail.com>
To: Paul Fremantle <pzfreo@gmail.com>
Cc: atom-protocol@imc.org, atom-syntax@imc.org
Subject: Re: Access Control for AtomPub
Message-ID: <20110120093453.GC3277@aliman-desktop>
References: <20110119175151.GB5578@aliman-desktop> <AANLkTikEQ7-85j2KiJ=213xrekufGt0wuthZ=SjGJqQZ@mail.gmail.com>

Hi Paul,

On Wed, Jan 19, 2011 at 07:15:03PM +0000, Paul Fremantle wrote:
> WSO2 Governance Registry (http://wso2.org/library/governance-registry)
> is an Open Source registry/repository that implements fine-grained
> access control for Atom/AtomPub. We use Apache Shindig as the AtomPub
> implementation and have added access control.

Thanks for this. Would you be able to point me at any documentation that
explains how your access control works? That would be much appreciated
(I couldn't find anything with a casual browse).

Also, it's the first I've heard of Shindig, so I may be missing something,
but I can't see how you'd use that as an atompub implementation (although I
see the OpenSocial API has an Atom representation [1], so I guess Shindig
must implement that?). Did you mean Apache Abdera?

If you had code that implemented access control for Abdera, I'd be very
interested. I haven't heard of anything like that so far, but I don't know
Abdera well, so could be missing something.

Thanks,

Alistair

[1] http://www.opensocial.org/Technical-Resources/opensocial-spec-v081/restful-protocol.html

> 
> Paul
> 
> On Wed, Jan 19, 2011 at 5:51 PM, Alistair Miles
> <alimanfoo@googlemail.com> wrote:
> >
> > Hi all,
> >
> > Apologies for mailing both atom-* lists, I wasn't sure which was the right
> > forum for this.
> >
> > With colleagues at the University of Oxford, I've been doing some work on
> > access control for atompub-based data repositories. We have a vanilla atompub
> > implementation called AtomBeat, which has a security plugin that supports
> > fine-grained access control policies via access control lists. There's some
> > documentation at:
> >
> > http://code.google.com/p/atombeat/wiki/TutorialAccessControl
> >
> > I guess I'm emailing because I'd be very interested to hear from anyone
> > who's done any work on authorization and access control for systems based
> > on atompub. This stuff isn't easy, and I'd really appreciate any insights
> > or experience or links to discussions or existing implementation work.
> >
> > Other relevant work I'm aware of is the work on access control in CMIS [1]
> > (which I need to study in more detail, haven't fully understood yet), the
> > various bits of the GData APIs that support access control (e.g., calendar
> > API [2]), and a discussion of feed access control and licensing on rss-public
> > from 2006 [3] ... please let me know if I'm missing anything major.
> >
> > Cheers,
> >
> > Alistair
> >
> > [1] http://docs.oasis-open.org/cmis/CMIS/v1.0/os/cmis-spec-v1.0.html
> > [2] http://code.google.com/apis/calendar/data/2.0/developers_guide_protocol.html#SharingACalendar
> > [3] http://tech.groups.yahoo.com/group/rss-public/message/724
> >
> > --
> > Alistair Miles
> > Head of Epidemiological Informatics
> > Centre for Genomics and Global Health <http://cggh.org>
> > The Wellcome Trust Centre for Human Genetics
> > Roosevelt Drive
> > Oxford
> > OX3 7BN
> > United Kingdom
> > Web: http://purl.org/net/aliman
> > Email: alimanfoo@gmail.com
> > Tel: +44 (0)1865 287669
> >
> >
> 
> 
> 
> -- 
> Paul Fremantle
> Co-Founder and CTO, WSO2
> Apache Synapse PMC Chair
> OASIS WS-RX TC Co-chair
> 
> blog: http://pzf.fremantle.org
> paul@wso2.com
> 
> "Oxygenating the Web Service Platform", www.wso2.com

-- 
Alistair Miles
Head of Epidemiological Informatics
Centre for Genomics and Global Health <http://cggh.org>
The Wellcome Trust Centre for Human Genetics
Roosevelt Drive
Oxford
OX3 7BN
United Kingdom
Web: http://purl.org/net/aliman
Email: alimanfoo@gmail.com
Tel: +44 (0)1865 287669
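The thread above discusses fine-grained, ACL-based access control for AtomPub servers without showing how such a check is evaluated. The block below is an added illustration, not code from AtomBeat, Abdera, Shindig or the WSO2 registry. It assumes a simplified model: an ACL is an ordered list of allow/deny rules over principals (users, roles or a wildcard) and named permissions; the first matching rule wins and anything unmatched is denied. AtomPub's operations are HTTP methods applied to collection or member resources, so each (method, resource kind) pair is first translated into a permission name before the ACL is consulted. The permission names, rule shape and sample ACL are all constructed for the example.

```python
"""Ordered-ACL authorization for AtomPub operations (added illustration).

Assumed model (not taken from any project named in the thread):
  - an ACL is an ordered list of Rule(effect, principal, permission);
  - the first rule whose principal and permission match decides;
  - no match means deny (default-deny, so an empty ACL grants nothing).
"""
from dataclasses import dataclass
from typing import Iterable, Optional

# HTTP method x resource kind -> permission name.  "collection" is the feed
# document, "member" an entry or media resource inside it.  Pairs that are
# not AtomPub operations (e.g. PUT on a collection) are absent on purpose.
PERMISSIONS = {
    ("GET", "collection"): "list",
    ("GET", "member"): "retrieve",
    ("POST", "collection"): "create",
    ("PUT", "member"): "update",
    ("DELETE", "member"): "delete",
}


@dataclass(frozen=True)
class Rule:
    effect: str       # "allow" or "deny"
    principal: str    # "user:<name>", "role:<name>" or "*"
    permission: str   # a value of PERMISSIONS, or "*"


@dataclass(frozen=True)
class Subject:
    user: str
    roles: frozenset


def required_permission(method: str, kind: str) -> Optional[str]:
    """Map an HTTP method and resource kind onto the permission it needs.

    Returns None for combinations AtomPub does not define, which the
    caller treats as a denial rather than guessing a permission.
    """
    return PERMISSIONS.get((method.upper(), kind))


def principal_matches(principal: str, subject: Subject) -> bool:
    """True when a rule's principal term applies to the subject."""
    if principal == "*":
        return True
    scheme, _, name = principal.partition(":")
    if scheme == "user":
        return name == subject.user
    if scheme == "role":
        return name in subject.roles
    return False  # unknown principal scheme never matches (fail closed)


def authorize(acl: Iterable[Rule], subject: Subject, method: str, kind: str) -> bool:
    """First-match evaluation of the ACL; default deny."""
    needed = required_permission(method, kind)
    if needed is None:
        return False
    for rule in acl:
        if rule.permission not in ("*", needed):
            continue
        if principal_matches(rule.principal, subject):
            return rule.effect == "allow"
    return False


# Constructed sample ACL for one collection: the owner may do anything,
# editors may create and update but a specific editor is blocked from
# creating, and everyone may read.  Rule order matters: the user-specific
# deny sits before the role-wide allow so that it takes precedence.
SAMPLE_ACL = [
    Rule("allow", "user:alice", "*"),
    Rule("deny", "user:mallory", "create"),
    Rule("allow", "role:editor", "create"),
    Rule("allow", "role:editor", "update"),
    Rule("allow", "*", "list"),
    Rule("allow", "*", "retrieve"),
]

ALICE = Subject("alice", frozenset({"editor"}))
BOB = Subject("bob", frozenset({"editor"}))
MALLORY = Subject("mallory", frozenset({"editor"}))
GUEST = Subject("guest", frozenset())


def demo():
    """Evaluate a few representative requests against SAMPLE_ACL."""
    return {
        "alice DELETE member": authorize(SAMPLE_ACL, ALICE, "DELETE", "member"),
        "bob POST collection": authorize(SAMPLE_ACL, BOB, "POST", "collection"),
        "mallory POST collection": authorize(SAMPLE_ACL, MALLORY, "POST", "collection"),
        "mallory PUT member": authorize(SAMPLE_ACL, MALLORY, "PUT", "member"),
        "guest GET collection": authorize(SAMPLE_ACL, GUEST, "GET", "collection"),
        "guest DELETE member": authorize(SAMPLE_ACL, GUEST, "DELETE", "member"),
        "bob PUT collection": authorize(SAMPLE_ACL, BOB, "PUT", "collection"),
    }


if __name__ == "__main__":
    for request, decision in demo().items():
        print(f"{request}: {'allow' if decision else 'deny'}")
```

Two design points carry most of the security value here: the method-to-permission table means a server never grants an operation it has not explicitly named (an undefined method/resource pairing is denied rather than mapped to something permissive), and first-match ordering lets a narrow deny override a broad role allow only if the administrator places it first, so ACL ordering itself is part of the policy and worth checking in tests.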