Hi Anatoly On Thu, May 30, 2013 at 6:52 AM, אנטולי קרסנר <[email protected]> wrote:
> Hello, > > > My program consists of two parts: > > 1) On the lower level, an RDF schema is defined. It's a standard set of > classes and properties, possible extended by users who want more options > (using a definition language translated to RDF). > > 2) On the high level, the user defines resources using those classes and > properties. > > There's no problem with the lower level, because the data model is > public: Even if a user decides to add new content, she's very welcome to > share it and make other people's apps have more features. Yes and no. Adding classes and properties is easy but the removal/renaming is complicated: App A installs ClassA, subclass of CoreA App B installs PropertyB to ClassA What happens if App A wants to change its classes? Rename ClassA to ClassA2? Now we uninstall app A. What do we do with its schema? Add here changing properties domain or cardinality... > The problem is > with the second part. In the higher level, the user defines tasks, > meetings, appointments, plans and schedules. These may be private, and > the user may prefer to to have any info in the URI revealing the source > of the information. > Here are two things, security and URI schemes, and they are independent. RDF is just a graph with no permissions/security in it. The software on top should take care of exposing only the right nodes and edges to the client depending on its permissions. Not a trivial problem. > > So here are the questions I have on my mind: > > 1) Which URI scheme should I use? I don't have a website or any web > pages, so using http doesn't make sense. It also doesn't seem to make > sense to use any other standard IANA-registered URI. I've been > considering two options: Use some custom, my own, URI scheme name for > public resources, and use a bare URN for private ones, something like > this: > urn : random_name_i_made_up : some_private_resource_uuid > But I was wondering whether a custom URI scheme is a good decision, I'm > open to hear ideas from you :) > The URI just needs to be a *unique* ID of a resource. At least in Tracker terms, autogenerated or using your own schema doesn't make any difference. > 2) How to hide the private resources? On one hand, it may be very useful > for the URI to tell where a task came from, especially when tasks are > shared and delegated between people. On the other hand, it doesn't > consider privacy. Then I was thinking, can I/should I use two different > URI styles depending on user settings? This would create some > inconsistency. I'm not sure what to do here, since I don't have any > experience with URIs. Hopefully you have some advice for me. > If you use the URI to detect privacy... any client who doesn't honor your pattern will have access to everything. As a rule of thumb, it is not good to encode information in the URL. Specifically in Tracker, there is no way to hide "some" resources. There is a database per-user, and anything with user permissions can read/write anything in the store of that user. In other words, either you have access to the graph or you don't. <[email protected]>You could to store those private resources in some different db (internal for your app)... ugly, but blame RDF :) Regards, Ivan
_______________________________________________ tracker-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/tracker-list
