proposal for wac:defaultInclude relation for acl. #79
Conversation
bblfish
force-pushed
the
patch-2
branch
2 times, most recently
from
e446f0a to
56e8a80
Compare
bblfish
force-pushed
the
patch-2
branch
2 times, most recently
from
cb6dd72 to
5754325
Compare
| @@ -21,14 21,14 @@ In `monotonic`, ACL permissions are cumulative (inherited from the ancestors) an | |||
|
|
|||
| #### Pro | |||
| - Not as fast as defaultForNew but can be | |||
| - Simple hierarchical permission (e.g. everything in `/shared` is shared) | |||
| - Simple hierarchical permission (e.g. everything in `/shared` is shared) (bblfish: does that mean that a resource cannot unlink from a previous permission?) | |||
There was a problem hiding this comment.
@bblfish - can you do comments via the Github PR UI (mouse over the line number that you want to comment on, it turns into , which opens the comments textbox), instead of inline in the actual text?
There was a problem hiding this comment.
Ah yes, had not thought of that.
| - Can be fast as it only has to find one ACL file to give the permission it needs | ||
| - Monotonic: Once a user or any agent knows the ACL it can apply it as a rule. An ACL is a first class fact. It can be digitally signed, transported, and used to demand access at a later date, etc. Monotonicness is useful. | ||
|
|
||
| #### Cons | ||
| - It is slower than `defaultFor new`, but the search stops the moment it finds success. | ||
| - It can't have private subfolders within shared folders. Given that permissions cannot be reverted (with the current WAC specification), a subfolder cannot be private in a shared folder. This system is monotonic. | ||
| - User has to be aware of the permissions given to the parent folders | ||
| - User has to be aware of the permissions given to the parent folders |
There was a problem hiding this comment.
Why not use wac:include?
I don't think I quite understand this section.
Note that it is possible to comment here, but I don't think it is possible to comment on the the main branch...
|
So it was decided that PRs are better than wikis. Note: The section I added may be related to the previous points but I can't tell for sure, as there are a lot of words that are not defined clearly enough for me. Hopefully this can be clarified through a discussion. |
Note: as this document is really a work in progress discussion space, it would probably have been better to place it in the wiki.