Got it, here are the links that I have on RBAC/ACL/Access Control. Some of
these are specific to Solr.

http://www.xaprb.com/blog/2006/08/16/how-to-build-role-based-access-control-in-sql/
 
http://www.xaprb.com/blog/2006/08/18/role-based-access-control-in-sql-part-2/ 


http://php.dzone.com/articles/php-access-control?page=0,1 
http://www.tonymarston.net/php-mysql/role-based-access-control.html 
http://www.tonymarston.net/php-mysql/menuguide/appendixc.html 
http://trac.symfony-project.org/wiki/UserRbac 
http://code.google.com/p/kohana-mptt/source/browse/trunk/acl/libraries/Acl.php?r=82
 
http://www.oracle.com/technetwork/articles/javaee/ajax-135201.html 
http://phpgacl.sourceforge.net/ 
http://www.java2s.com/Code/Java/GWT/ClassthatactsasaclienttoaJSONservice.htm 
http://dev.w3.org/perl/modules/W3C/Rnodes/bin/makeAclTables.sql 
http://dev.juokaz.com/ 
http://stackoverflow.com/questions/54230/cakephp-acl-database-setup-aro-aco-structure
 
http://blog.reardonsoftware.com/2010/07/spring-security-acl-schema-for-oracle.html
 
http://www.mail-archive.com/symfony-users@googlegroups.com/msg29537.html 
http://www.schemaweb.info/schema/SchemaInfo.aspx?id=167 
http://www.assembla.com/code/backendpro/subversion/nodes/trunk/modules/auth/libraries/Khacl.php?rev=169
 
http://framework.zend.com/wiki/display/ZFUSER/Using+Zend_Acl+with+a+database+backend
 
http://www.w3.org/2001/04/20-ACLs#Structure
http://lucene.472066.n3.nabble.com/Modelling-Access-Control-td1756817.html#a1759372
 
http://jmcneese.wordpress.com/2009/04/05/row-level-model-access-control-for-cakephp/#comment-112
 
http://jmcneese.wordpress.com/2009/04/05/row-level-model-access-control-for-cakephp/
 
https://issues.apache.org/jira/browse/SOLR-1834 
http://www.yiiframework.com/doc/guide/1.1/en/topics.auth#role-based-access-control
 
http://www.yiiframework.com/doc/guide/topics.auth#role-based-access-control

 


----- Original Message ----
From: Dennis Gearon <gear...@sbcglobal.net>
To: solr-user@lucene.apache.org
Sent: Sat, January 22, 2011 1:22:04 PM
Subject: Re: api key filtering

Dang! There were hot, clickable links in the web mail I put them in. I guess
you guys can search for those strings on google and find them. Sorry.




----- Original Message ----
From: Dennis Gearon <gear...@sbcglobal.net>
To: solr-user@lucene.apache.org
Sent: Sat, January 22, 2011 1:09:26 PM
Subject: Re: api key filtering

The links didn't work, so here they are again, NOT from a sent folder:

PHP Access Control - PHP5 CMS Framework Development | PHP Zone
A Role-Based Access Control (RBAC) system for PHP 
Appendix C: Task-Field Access 
Role-based access control in SQL, part 2 at Xaprb 
UserRbac - symfony - Trac 
Acl.php - kohana-mptt - Project Hosting on Google Code 
CANDIDATE-PHP Generic Access Control Lists 
http://dev.w3.org/perl/modules/W3C/Rnodes/bin/makeAclTables.sql 
makeAclTables.sql 
php - CakePHP ACL Database Setup: ARO / ACO structure? - Stack Overflow 
PHP Generic Access Control Lists 
Reardon's Ruminations: Spring Security ACL Schema for Oracle 
Re: [symfony-users] Implementing an existing ACL API in symfony 
SchemaWeb - Classes And Properties - ACL Schema 
trunk/modules/auth/libraries/Khacl.php | Source/SVN | Assembla 
Using Zend_Acl with a database backend - Zend Framework Wiki 
W3C ACL System 

Dennis Gearon


Signature Warning
----------------
It is always a good idea to learn from your own mistakes. It is usually a
better idea to learn from others’ mistakes, so you do not have to make them
yourself.
from 'http://blogs.techrepublic.com.com/security/?p=4501&tag=nl.e036'


EARTH has a Right To Life,
otherwise we all die.



----- Original Message ----
From: Matt Mitchell <goodie...@gmail.com>
To: solr-user@lucene.apache.org
Sent: Sat, January 22, 2011 12:50:24 PM
Subject: Re: api key filtering

Hey thanks I'll definitely have a read. The only problem with this though,
is that our api is a thin layer of app-code, with solr only (no db), we
index data from our sql db into solr, and push the index off for
consumption.

The only other idea I had was to send a list of the allowed document ids
along with every solr query, but then I'm sure I'd run into a filter query
limit. Each key could be associated with up to 2k documents, so that's 2k
values in an fq which would probably be too many for lucene (I think its
limit 1024).

Matt

On Sat, Jan 22, 2011 at 3:40 PM, Dennis Gearon <gear...@sbcglobal.net> wrote:

> The only way that you would have that many api keys per record, is if one of
> them represented 'public', right? 'public' is a ROLE. Your answer is to use
> RBAC style techniques.
>
>
> Here are some links that I have on the subject. What I'm thinking of doing is:
> Sorry for formatting, Firefox is freaking out. I cut and pasted these from an
> email from my sent box. I hope the links came out.
>
>
> Part 1
>
>
> http://www.xaprb.com/blog/2006/08/16/how-to-build-role-based-access-control-in-sql/
>
>
> Part 2
> Role-based access control in SQL, part 2 at Xaprb
>
>
>
>
>
> ACL/RBAC Bookmarks ALL
>
> UserRbac - symfony - Trac
> A Role-Based Access Control (RBAC) system for PHP
> Appendix C: Task-Field Access
> Role-based access control in SQL, part 2 at Xaprb
> PHP Access Control - PHP5 CMS Framework Development | PHP Zone
> Linux file and directory permissions
> MySQL :: MySQL 5.0 Reference Manual :: C.5.4.1 How to Reset the Root Password
> per RECORD/Entity permissions? - symfony users | Google Groups
> Special Topics: Authentication and Authorization | The Definitive Guide to Yii | Yii Framework
>
> att.net Mail (gear...@sbcglobal.net)
> Solr - User - Modelling Access Control
> PHP Generic Access Control Lists
> Row-level Model Access Control for CakePHP « some flot, some jet
> Yahoo! GeoCities: Get a web site with easy-to-use site building tools.
> Class that acts as a client to a JSON service : JSON « GWT « Java
> Juozas Kaziukėnas devBlog
> Re: [symfony-users] Implementing an existing ACL API in symfony
> php - CakePHP ACL Database Setup: ARO / ACO structure? - Stack Overflow
> W3C ACL System
> makeAclTables.sql
> SchemaWeb - Classes And Properties - ACL Schema
> Reardon's Ruminations: Spring Security ACL Schema for Oracle
> trunk/modules/auth/libraries/Khacl.php | Source/SVN | Assembla
> Acl.php - kohana-mptt - Project Hosting on Google Code
> Asynchronous JavaScript Technology and XML (Ajax) With the Java Platform
> The page cannot be found
>
>
>  Dennis Gearon
>
>
> Signature Warning
> ----------------
> It is always a good idea to learn from your own mistakes. It is usually a
> better idea to learn from others’ mistakes, so you do not have to make them
> yourself.
> from 'http://blogs.techrepublic.com.com/security/?p=4501&tag=nl.e036'
>
>
> EARTH has a Right To Life,
> otherwise we all die.
>
>
>
> ----- Original Message ----
> From: Matt Mitchell <goodie...@gmail.com>
> To: solr-user@lucene.apache.org
> Sent: Sat, January 22, 2011 11:48:22 AM
> Subject: api key filtering
>
> Just wanted to see if others are handling this in some special way, but I
> think this is pretty simple.
>
> We have a database of api keys that map to "allowed" db records. I'm
> planning on indexing the db records into solr, along with their api keys in
> an indexed, non-stored, multi-valued field. Then, to query for docs that
> belong to a particular api key, they'll be queried using a filter query on
> api_key.
>
> The only concern of mine is that, what if we end up with 100k api_keys?
> Would it be a problem to have 100k non-stored keys in each document? We have
> about 500k documents total.
>
> Matt
>
>
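
The role-based variant of the multi-valued filter field discussed in this thread, as an added example that is not code from any of the posters: documents carry a handful of role tokens instead of every API key, and each key resolves to its roles before the filter query is built. The field name `acl_roles`, the role names, and the sample keys and records are constructed assumptions.

```python
# Added example: field name, role names and sample data are constructed.
MAX_BOOLEAN_CLAUSES = 1024  # the Lucene clause limit mentioned in the thread

# Constructed sample data: each API key maps to a few roles, not to documents.
KEY_ROLES = {
    "key-alice": {"public", "partner_a"},
    "key-bob": {"public"},
}
RECORDS = [
    {"id": "1", "title": "open report", "roles": ["public"]},
    {"id": "2", "title": "partner pricing", "roles": ["partner_a"]},
    {"id": "3", "title": "internal memo", "roles": ["staff"]},
]

def to_solr_doc(record):
    """Index time: put the allowed roles in one multi-valued field."""
    return {"id": record["id"], "title": record["title"],
            "acl_roles": sorted(set(record["roles"]))}

def quote_term(value):
    """Quote a role value so it cannot alter the query syntax."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def roles_fq(api_key, key_roles=KEY_ROLES):
    """Query time: build the fq for a key; unknown keys are rejected."""
    roles = key_roles.get(api_key)
    if not roles:
        raise PermissionError("unknown or role-less API key")
    if len(roles) > MAX_BOOLEAN_CLAUSES:
        raise ValueError("too many roles for one boolean filter")
    return "acl_roles:(" + " OR ".join(quote_term(r) for r in sorted(roles)) + ")"

def visible_ids(api_key, docs, key_roles=KEY_ROLES):
    """Local stand-in for what the fq selects: any shared role grants access."""
    roles = key_roles.get(api_key, set())
    return [d["id"] for d in docs if roles & set(d["acl_roles"])]

if __name__ == "__main__":
    docs = [to_solr_doc(r) for r in RECORDS]
    print(roles_fq("key-alice"))
    print(visible_ids("key-alice", docs))
```

The filter is built server-side from the key lookup, so a caller never supplies role names directly.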
