On Tuesday, January 15, 2002, at 11:50 AM, Niels Peter Strandberg wrote:
> I see in the source code that you are working on user/group security and read and write access. One powerful feature would be to add XPath-based security, allowing a user or group read/write access to a specific XPath in a collection or document.
>
>   <person>
>     <name>John Doe</name>
>     <salary>1000</salary>   <- no access
>   </person>
>
>   ---- not real - access xml doc ---
>   <group>
>     <user id="bigboss">
>       <access>
>         <collection id="documents">
>           <xpath>//salary</xpath>
>           <privileges>none</privileges>
>         </collection>
>       </access>
>     </user>
>   </group>
>
> This is just a quick example, not a final suggestion.
This is the kind of thing several people have asked for.
I'm just going to throw out some random thoughts, thinking out loud.
You'd have to check all XPaths defined for a collection each time a document is retrieved or updated or a query is executed. If you do this at a sufficiently low level it shouldn't be too difficult, but it will have a real impact on how things like query results are handled. For instance it would be very possible to have a query where some results are allowed and some aren't.
It also impacts how documents are returned. What happens if you're restricted from just part of a document? Do you not get the document at all or do you just get the part you're allowed access to?
If you do only return part of the document, what happens when the person modifies it and tries to store it back?
If you do just deny the whole document then why even bother with the path based access control? Actually, it'd probably still be useful for denying the same document to different users for different reasons. Hmm, that might work, but you'd also be denying access to information that a user should have access to if they're only denied for part of a document.
This also applies to queries. What happens when a query is allowed to access part of document, but is denied from the rest?
To make it efficient you'd probably have to have some kind of permissions cache that is maintained every time a document is modified.
Reconciling multiple paths will be tricky, especially if you allow things like the descendant-or-self axis. It might be worth considering only allowing a subset of the XPath axes.
Namespaces must be considered, which means you need to be able to define a ns prefix before using it in a path.
Just some quick thoughts.
> What do you think?
>
> Regards, Niels Peter
Kimbro Staken
XML Database Software, Consulting and Writing
http://www.xmldatabases.org/
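The questions raised in the reply above (what a partially restricted document looks like on read, how a query can return some hits and withhold others, what to do when a pruned document is stored back, why a prefix must be declared before a path can use it, and restricting the accepted XPath subset) can all be made concrete with a small deny-list evaluator. The following is an added illustration written for this thread, not code from the database project being discussed: it uses only Python's standard library, the rule shape mirrors the sketch in the quoted message, and the class name XPathAcl, the RULES and NAMESPACES constants, the urn:example:hr namespace and the sample documents are all assumptions constructed for the example.

```python
# Added example for this thread (not the project's own code): XPath deny
# rules applied to reads, query results and writes, standard library only.
import copy
import xml.etree.ElementTree as ET

# Constructed sample document: the thread's <person> plus one namespaced
# element so the prefix-map point can be exercised.
PERSON_XML = (
    '<person xmlns:hr="urn:example:hr">'
    '<name>John Doe</name><salary>1000</salary><hr:review>good</hr:review>'
    '</person>'
)

# Constructed rules in the shape of the thread's sketch:
# (collection, xpath, privileges). Only "none" is enforced here.
RULES = [
    ("documents", "//salary", "none"),
    ("documents", "//hr:review", "none"),
]
NAMESPACES = {"hr": "urn:example:hr"}   # hypothetical prefix map the rules rely on


def parse(text):
    return ET.fromstring(text)


def serialize(elem):
    return ET.tostring(elem, encoding="unicode")


def _canon(node):
    """Serialize a node without its tail so surrounding whitespace is ignored."""
    node = copy.copy(node)
    node.tail = None
    return serialize(node)


class XPathAcl:
    """Deny-list of absolute XPaths, evaluated with the child/descendant
    subset of XPath that xml.etree understands (one way to take the
    'only allow a subset of axes' suggestion)."""

    def __init__(self, rules, namespaces=None):
        self.ns = dict(namespaces or {})
        self.deny = []
        for _collection, path, privileges in rules:
            if privileges != "none":
                continue
            # Absolute paths only, no explicit axes or parent steps.
            if not path.startswith("/") or "::" in path or ".." in path:
                raise ValueError("unsupported path: %r" % path)
            try:  # compile now: an undeclared prefix fails here, not at query time
                ET.Element("probe").findall("." + path, self.ns)
            except SyntaxError as exc:
                raise ValueError("bad path %r: %s" % (path, exc)) from None
            self.deny.append(path)

    @staticmethod
    def _wrap(root):
        """Paths are absolute, so evaluate them from a synthetic document node.
        xml.etree keeps no parent links, so build a parent map as well."""
        doc = ET.Element("document")
        doc.append(root)
        parents = {id(c): p for p in doc.iter() for c in p}
        return doc, parents

    def _denied(self, doc):
        """Union of all deny matches: with deny-only rules, reconciling
        overlapping paths is just a set union."""
        denied = {}
        for path in self.deny:
            for node in doc.findall("." + path, self.ns):
                denied[id(node)] = node
        return denied

    @staticmethod
    def _covered(node, parents, denied):
        """True if the node or any ancestor is denied (descendants inherit)."""
        while node is not None:
            if id(node) in denied:
                return True
            node = parents.get(id(node))
        return False

    def read_view(self, root):
        """Copy of the document with denied subtrees pruned; None if the
        root itself is denied."""
        root = copy.deepcopy(root)
        doc, parents = self._wrap(root)
        denied = self._denied(doc)
        if id(root) in denied:
            return None
        for node in denied.values():
            parents[id(node)].remove(node)
        return root

    def query(self, root, xpath):
        """Run a query and drop the hits that lie inside a denied subtree,
        so one query can return some results and withhold others."""
        doc, parents = self._wrap(root)
        denied = self._denied(doc)
        return [n for n in doc.findall("." + xpath, self.ns)
                if not self._covered(n, parents, denied)]

    def check_write(self, stored, submitted):
        """Accept an update only if every denied subtree comes back unchanged:
        a client that stores back its pruned view would otherwise silently
        delete the parts it was never allowed to see."""
        s_doc, _ = self._wrap(stored)
        u_doc, _ = self._wrap(submitted)
        for path in self.deny:
            before = [_canon(n) for n in s_doc.findall("." + path, self.ns)]
            after = [_canon(n) for n in u_doc.findall("." + path, self.ns)]
            if before != after:
                return False, "update alters denied path %s" % path
        return True, "ok"
```

With these rules, read_view returns only `<person><name>John Doe</name></person>`, a query for `//person/*` returns the name element but not the salary, and storing back the pruned view is refused because the salary would vanish. Two caveats a practitioner should keep in mind: a query hit that is an ancestor of a denied node (for example `//person`) is returned whole, so the same pruning has to be applied to each result before it leaves the server; and rejecting the write is only one answer to the store-back question, the alternative being to graft the stored denied subtrees back into the submitted document before saving it.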