Re: Access Control for AtomPub
Paul Fremantle <pzfreo@gmail.com> Thu, 20 January 2011 09:58 UTC
Date: Thu, 20 Jan 2011 09:53:09 +0000
Subject: Re: Access Control for AtomPub
From: Paul Fremantle <pzfreo@gmail.com>
To: Alistair Miles <alimanfoo@googlemail.com>
Cc: atom-protocol@imc.org, atom-syntax@imc.org

Sorry yes. Doh. I've just got back from a long haul trip and I was a
little jetlagged when I wrote that. Yes I do mean Abdera.

I wasn't the developer on the project, but I know the basic scheme.
All the resources in the repository form a single tree. Every part of
the tree can have its own permissions.

http://wso2.org/project/registry/3.5.1/docs/user_guide/resource_ui.html#Permissions

This is implemented via Abdera. However, I don't have the details at
hand. You could ask on carbon-dev@wso2.org and someone subscribed
there will have the answers!

Paul

On Thu, Jan 20, 2011 at 9:34 AM, Alistair Miles <alimanfoo@googlemail.com> wrote:
> Hi Paul,
>
> On Wed, Jan 19, 2011 at 07:15:03PM +0000, Paul Fremantle wrote:
>> WSO2 Governance Registry (http://wso2.org/library/governance-registry)
>> is an Open Source registry/repository that implements fine-grained
>> access control for Atom/AtomPub. We use Apache Shindig as the AtomPub
>> implementation and have added access control.
>
> Thanks for this. Would you be able to point me at any documentation that
> explains how your access control works? That would be much appreciated
> (I couldn't find anything with a casual browse).
>
> Also, it's the first I've heard of shindig, so I may be missing something,
> but I can't see how you'd use that as an atompub implementation (although I
> see the opensocial API has an Atom representation [1], so I guess shindig
> must implement that?). Did you mean Apache Abdera?
>
> If you had code that implemented access control for abdera, I'd be very
> interested. I haven't heard of anything like that so far, but I don't know
> abdera well, so could be missing something.
>
> Thanks,
>
> Alistair
>
> [1] http://www.opensocial.org/Technical-Resources/opensocial-spec-v081/restful-protocol.html
>
>>
>> Paul
>>
>> On Wed, Jan 19, 2011 at 5:51 PM, Alistair Miles
>> <alimanfoo@googlemail.com> wrote:
>> >
>> > Hi all,
>> >
>> > Apologies for mailing both atom-* lists, I wasn't sure which was the right
>> > forum for this.
>> >
>> > With colleagues at the University of Oxford, I've been doing some work on
>> > access control for atompub-based data repositories. We have a vanilla atompub
>> > implementation called AtomBeat, which has a security plugin that supports
>> > fine-grained access control policies via access control lists. There's some
>> > documentation at:
>> >
>> > http://code.google.com/p/atombeat/wiki/TutorialAccessControl
>> >
>> > I guess I'm emailing because I'd be very interested to hear from anyone
>> > who's done any work on authorization and access control for systems based
>> > on atompub. This stuff isn't easy, and I'd really appreciate any insights
>> > or experience or links to discussions or existing implementation work.
>> >
>> > Other relevant work I'm aware of is the work on access control in CMIS [1]
>> > (which I need to study in more detail, haven't fully understood yet), the
>> > various bits of the GData APIs that support access control (e.g., calendar
>> > API [2]), and a discussion of feed access control and licensing on rss-public
>> > from 2006 [3] ... please let me know if I'm missing anything major.
>> >
>> > Cheers,
>> >
>> > Alistair
>> >
>> > [1] http://docs.oasis-open.org/cmis/CMIS/v1.0/os/cmis-spec-v1.0.html
>> > [2] http://code.google.com/apis/calendar/data/2.0/developers_guide_protocol.html#SharingACalendar
>> > [3] http://tech.groups.yahoo.com/group/rss-public/message/724
>> >
>> > --
>> > Alistair Miles
>> > Head of Epidemiological Informatics
>> > Centre for Genomics and Global Health <http://cggh.org>
>> > The Wellcome Trust Centre for Human Genetics
>> > Roosevelt Drive
>> > Oxford
>> > OX3 7BN
>> > United Kingdom
>> > Web: http://purl.org/net/aliman
>> > Email: alimanfoo@gmail.com
>> > Tel: +44 (0)1865 287669
>> >
>> >
>>
>>
>>
>> --
>> Paul Fremantle
>> Co-Founder and CTO, WSO2
>> Apache Synapse PMC Chair
>> OASIS WS-RX TC Co-chair
>>
>> blog: http://pzf.fremantle.org
>> paul@wso2.com
>>
>> "Oxygenating the Web Service Platform", www.wso2.com
>
> --
> Alistair Miles
> Head of Epidemiological Informatics
> Centre for Genomics and Global Health <http://cggh.org>
> The Wellcome Trust Centre for Human Genetics
> Roosevelt Drive
> Oxford
> OX3 7BN
> United Kingdom
> Web: http://purl.org/net/aliman
> Email: alimanfoo@gmail.com
> Tel: +44 (0)1865 287669
>

--
Paul Fremantle
Co-Founder and CTO, WSO2
Apache Synapse PMC Chair
OASIS WS-RX TC Co-chair

blog: http://pzf.fremantle.org
paul@wso2.com

"Oxygenating the Web Service Platform", www.wso2.com