Re: [RT] Escaping Sitemap Hell - side note

[Peter Hunsberger]

On Thu, 6 Jan 2005 09:29:14 +0100, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> Daniel,


 
> In short, the ideas of cool URLs is great, but the implementation domain
> might require otherwise. 

I'm going to try and find time to respond to Daniel in more detail,
but I think the most important thing to distinguish here is the
difference between resource publishing and browser based applications.

"Cool URLs" make sense for resources that are "published"; ie, the
equivalent of being able to look up a book by it's ISBN.  I don't
think anyone would suggest you publish (publicly, but that's implied)
the instructions on how to obtain the keys needed to get into the
doctors office and the file drawers containing your medical
information...

-- 
Peter Hunsberger

Re: [RT] Escaping Sitemap Hell - side note

[Daniel Fagerstrom]

[EMAIL PROTECTED] wrote:
Daniel,
First off: great post. I agree with your ideas and reading through this post
I realised I have tried implementing my URL space along these lines, ending
up with a huge and very unclear sitemap, so every improvement is welcome.
Nice, I had the same realization when I read Tim BL.
However, the example below is a bad one from a privacy/security POV:
Agree, I should have known better as we have worked quite a lot with 
interview data for medical research at my company a few years ago.

The idea is that an URL identifies a resource. For the patient case 
above it could be:
http://myhospital.com/person/123456789
   

In medical software your should always be aware that you will never expose
identifying information to unauthorized persons. Therefore the above URL
would be usable only in an environment where no unauthorized access to the
software or even view of the screen is possible.
Yes agree. My view is that access rights in most cases should be based 
access right of the repository  (or other) content that your resource is 
constructed from, rather on being based on URL patterns. I wrote an RT 
about that a number of years ago: 
http://marc.theaimsgroup.com/?l=xml-cocoon-dev&m=101282731120086&w=2 
with current architecture the ideas in that RT is not that easy to 
realize, but with my current proposal it would be easier.

Yes, I know that the first thing most medical software does is put some
identifying data of the patient on the screen (such as name, address, gender
and DOB) and often the ID in the current system as well. This is partly
necessary (except for the ID part), but it should never ever be part of a
cool URL that can be bookmarked or otherwise be addressed directly or stored
outside the application.
Besides the risk that unauthorized people read your bookmark list, using 
the id is a bad idea , as people can use such URLs to query the system. 
If you as a system designer wasn't paranoid enough people can learn 
sensitive stuff from the difference between access denided and resource 
not found messages.

/Daniel
In short, the ideas of cool URLs is great, but the implementation domain
might require otherwise.
Bye, Helma
 

RE: [RT] Escaping Sitemap Hell - side note

[H . vanderLinden]

Daniel,

First off: great post. I agree with your ideas and reading through this post
I realised I have tried implementing my URL space along these lines, ending
up with a huge and very unclear sitemap, so every improvement is welcome.

However, the example below is a bad one from a privacy/security POV:

> The idea is that an URL identifies a resource. For the patient case 
> above it could be:
> http://myhospital.com/person/123456789

In medical software your should always be aware that you will never expose
identifying information to unauthorized persons. Therefore the above URL
would be usable only in an environment where no unauthorized access to the
software or even view of the screen is possible.

Yes, I know that the first thing most medical software does is put some
identifying data of the patient on the screen (such as name, address, gender
and DOB) and often the ID in the current system as well. This is partly
necessary (except for the ID part), but it should never ever be part of a
cool URL that can be bookmarked or otherwise be addressed directly or stored
outside the application.

In short, the ideas of cool URLs is great, but the implementation domain
might require otherwise.

Bye, Helma