On Wed, Dec 11, 2013 at 11:41 AM, David Lee <[email protected]> wrote:
> Harry, how many users have you tried with this scheme ? > I am myself considering something for a demo app but not sure if it scales > to thousands or hundreds of thousands or millions of users. > This is my concern also. I need to scale to millions of users. However, each user will likely have less than one hundred other users to share documents with. > > > There is also the issue that if you want to share a large set of documents > to a new user (say 10,000 docs) then those 10,000 docs need to be "touched' > (e.g. read and written), > > this could be a heavy operation. > > > This is a scalability issue I would like to see if someone has experience with. I could easily have a user with 10,000 or more documents. What is the performance like when a new share is created across all of them? > The alternative, which is not as elegant but might perform better is to > keep access lists as data (say in an XML file or files) and handle the > access control at the user level. > > You are right this is not as clean nor proven as using the system level > access control but it might be > > * faster > > * easier > > > This seems to be a brittle approach. Though it may be the best? > > > Another option might be to store the access list of a document in document > properties. You still have to touch the same number of files but > potentially smaller changes > > (assuming the access list is smaller then the document) and you can do > property based searches combined with document searches so no "joining" > required. > > This approach also crossed my mind because in relative terms, my access list will be small. I think this would make a great paper or blog > > > > "How to handle access control of large numbers of users and documents" > > Good idea. Now we just need to do the research. :-) One thing I am not certain of yet. What are the security and performance implications of using keywords in a document and then through a query provide visibility (to the UI) to only some of the documents? IOW: a user might have read access to documents in a collection, but not knowing that they exist and not having any access to the collection except via the UI. Security through obscurity kind of rings out that idea though. THoguhts? --Tim -- MLHIM VIP Signup: http://goo.gl/22B0U ============================================ Timothy Cook, MSc +55 21 94711995 MLHIM http://www.mlhim.org Like Us on FB: https://www.facebook.com/mlhim2 Circle us on G+: http://goo.gl/44EV5 Google Scholar: http://goo.gl/MMZ1o LinkedIn Profile:http://www.linkedin.com/in/timothywaynecook
_______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
