Re: Access Control for AtomPub

Paul Fremantle <pzfreo@gmail.com> Thu, 20 January 2011 09:58 UTC

Date: Thu, 20 Jan 2011 09:53:09 +0000
Subject: Re: Access Control for AtomPub
From: Paul Fremantle <pzfreo@gmail.com>
To: Alistair Miles <alimanfoo@googlemail.com>
Cc: atom-protocol@imc.org, atom-syntax@imc.org

Sorry yes. Doh. I've just got back from a long haul trip and I was a
little jetlagged when I wrote that. Yes I do mean Abdera.

I wasn't the developer on the project, but I know the basic scheme.
All the resources in the repository form a single tree. Every part of
the tree can have its own permissions.

http://wso2.org/project/registry/3.5.1/docs/user_guide/resource_ui.html#Permissions

This is implemented via Abdera. However, I don't have the details at
hand. You could ask on carbon-dev@wso2.org and someone subscribed
there will have the answers!

Paul

On Thu, Jan 20, 2011 at 9:34 AM, Alistair Miles
<alimanfoo@googlemail.com> wrote:
> Hi Paul,
>
> On Wed, Jan 19, 2011 at 07:15:03PM +0000, Paul Fremantle wrote:
>> WSO2 Governance Registry (http://wso2.org/library/governance-registry)
>> is an Open Source registry/repository that implements fine-grained
>> access control for Atom/AtomPub. We use Apache Shindig as the AtomPub
>> implementation and have added access control.
>
> Thanks for this. Would you be able to point me at any documentation that
> explains how your access control works? That would be much appreciated
> (I couldn't find anything with a casual browse).
>
> Also, it's the first I've heard of shindig, so I may be missing something,
> but I can't see how you'd use that as an atompub implementation (although I
> see the opensocial API has an Atom representation [1], so I guess shindig
> must implement that?). Did you mean Apache Abdera?
>
> If you had code that implemented access control for abdera, I'd be very
> interested. I haven't heard of anything like that so far, but I don't know
> abdera well, so could be missing something.
>
> Thanks,
>
> Alistair
>
> [1] http://www.opensocial.org/Technical-Resources/opensocial-spec-v081/restful-protocol.html
>
>>
>> Paul
>>
>> On Wed, Jan 19, 2011 at 5:51 PM, Alistair Miles
>> <alimanfoo@googlemail.com> wrote:
>> >
>> > Hi all,
>> >
>> > Apologies for mailing both atom-* lists, I wasn't sure which was the right
>> > forum for this.
>> >
>> > With colleagues at the University of Oxford, I've been doing some work on
>> > access control for atompub-based data repositories. We have a vanilla atompub
>> > implementation called AtomBeat, which has a security plugin that supports
>> > fine-grained access control policies via access control lists. There's some
>> > documentation at:
>> >
>> > http://code.google.com/p/atombeat/wiki/TutorialAccessControl
>> >
>> > I guess I'm emailing because I'd be very interested to hear from anyone
>> > who's done any work on authorization and access control for systems based
>> > on atompub. This stuff isn't easy, and I'd really appreciate any insights
>> > or experience or links to discussions or existing implementation work.
>> >
>> > Other relevant work I'm aware of is the work on access control in CMIS [1]
>> > (which I need to study in more detail, haven't fully understood yet), the
>> > various bits of the GData APIs that support access control (e.g., calendar
>> > API [2]), and a discussion of feed access control and licensing on rss-public
>> > from 2006 [3] ... please let me know if I'm missing anything major.
>> >
>> > Cheers,
>> >
>> > Alistair
>> >
>> > [1] http://docs.oasis-open.org/cmis/CMIS/v1.0/os/cmis-spec-v1.0.html
>> > [2] http://code.google.com/apis/calendar/data/2.0/developers_guide_protocol.html#SharingACalendar
>> > [3] http://tech.groups.yahoo.com/group/rss-public/message/724
>> >
>> > --
>> > Alistair Miles
>> > Head of Epidemiological Informatics
>> > Centre for Genomics and Global Health <http://cggh.org>
>> > The Wellcome Trust Centre for Human Genetics
>> > Roosevelt Drive
>> > Oxford
>> > OX3 7BN
>> > United Kingdom
>> > Web: http://purl.org/net/aliman
>> > Email: alimanfoo@gmail.com
>> > Tel: +44 (0)1865 287669
>> >
>> >
>>
>>
>>
>> --
>> Paul Fremantle
>> Co-Founder and CTO, WSO2
>> Apache Synapse PMC Chair
>> OASIS WS-RX TC Co-chair
>>
>> blog: http://pzf.fremantle.org
>> paul@wso2.com
>>
>> "Oxygenating the Web Service Platform", www.wso2.com
>
> --
> Alistair Miles
> Head of Epidemiological Informatics
> Centre for Genomics and Global Health <http://cggh.org>
> The Wellcome Trust Centre for Human Genetics
> Roosevelt Drive
> Oxford
> OX3 7BN
> United Kingdom
> Web: http://purl.org/net/aliman
> Email: alimanfoo@gmail.com
> Tel: +44 (0)1865 287669
>



-- 
Paul Fremantle
Co-Founder and CTO, WSO2
Apache Synapse PMC Chair
OASIS WS-RX TC Co-chair

blog: http://pzf.fremantle.org
paul@wso2.com

"Oxygenating the Web Service Platform", www.wso2.com