On Wed, 16 Jan 2002 03:52:58 -0700
Kimbro Staken <[EMAIL PROTECTED]> wrote:

> 
> On Tuesday, January 15, 2002, at 11:50 AM, Niels Peter Strandberg wrote:
> 
> > I see in the source code that you are working on user/group security and 
> > read and write access. One powerful feature would be to add xpath based 
> > security. By allowing a user or group read/write access to a specific 
> > xpath in a collection or document.
> >
> > <person>
> >      <name>John Doe</name>
> >      <salary>1000</salary>   <- no access
> > </person>
> >
> > ---- not real -  access xml doc ---
> > <group>
> >      <user id="bigboss">
> >           <access>
> >                <collection id="documents">
> >                     <xpath>//salary</xpath>
> >                     <privileges>none</privileges>
> >                </collection>
> >           </access>
> >      </user>
> > </group>
> >
> > This is just a quick example - an a final suggestion.
> >
> 
> This is the kind of thing several people have asked for.
> 
> I'm just going to throw out some random thoughts, thinking out loud.
> 
> You'd have to check all XPaths defined for a collection each time a 
> document is retrieved or updated or a query is executed. If you do this at 
> a sufficiently low level it shouldn't be too difficult, but it will have a 
> real impact on how things like query results are handled. For instance it 
> would be very possible to have a query where some results are allowed and 
> some aren't.
> 
> It also impacts how documents are returned. What happens if you're 
> restricted from just part of a document? Do you not get the document at 
> all or do you just get the part you're allowed access to?
> 
> If you do only return part of the document, what happens when the person 
> modifies it and tries to store it back?
> 
> If you do just deny the whole document then why even bother with the path 
> based access control? Actually, it'd probably still be useful for denying 
> the same document to different users for different reasons. Hmm, that 
> might work, but you'd also be denying access to information that a user 
> should have access to if they're only denied for part of a document.
> 
> This also applies to queries. What happens when a query is allowed to 
> access part of a document, but is denied from the rest?
> 
> To make it efficient you'd probably have to have some kind of permissions 
> cache that is maintained every time a document is modified.
> 
> Reconciling multiple paths will be tricky, especially if you allow things 
> like the descendant-or-self axis. It might be worth considering only 
> allowing a subset of XPath axes.
> 
> Namespaces must be considered, which means you need to be able to define a 
> ns prefix before using it in a path.
> 
> Just some quick thoughts.
> 
> > What do you think?

What about XML Access Control to be found at
http://www.xmldb.org/projects.html and proposed by Jonathan Borden?

--
______________________________________________________________________
Lars Martin                             mailto:[EMAIL PROTECTED]
SMB GmbH                                        http://www.smb-tec.com
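
An added example, not part of the original thread and not code from the project under discussion: a minimal sketch of the path-based read filter the quoted message reasons about, showing the partial-document view, a query with mixed allowed and denied results, and what a naive store-back of the partial view would delete. The rule tuple layout, the function names and the restriction to `//name` rule paths (no namespaces) are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed rule table modelled on the thread's mock-up access document:
# (user, collection, xpath, privilege). The tuple layout is an assumption.
RULES = [("bigboss", "documents", "//salary", "none")]

DOC = "<person><name>John Doe</name><salary>1000</salary></person>"  # from the thread


def denied_tags(user, collection):
    """Element names the user may not read. Only the '//name' form is accepted,
    a deliberately small XPath subset so that rules stay easy to reconcile."""
    tags = []
    for u, c, xpath, priv in RULES:
        if (u, c, priv) == (user, collection, "none"):
            name = xpath[2:]
            if not xpath.startswith("//") or not name.isidentifier():
                raise ValueError("unsupported rule path: " + xpath)
            tags.append(name)
    return tags


def filtered_view(doc_xml, user, collection):
    """Return the tree with denied elements pruned, or None if the root is denied."""
    root = ET.fromstring(doc_xml)
    deny = set(denied_tags(user, collection))
    if root.tag in deny:
        return None  # the whole document is covered by a deny rule
    for parent in list(root.iter()):
        for child in list(parent):  # copy: we remove while walking
            if child.tag in deny:
                parent.remove(child)
    return root


def query(doc_xml, path, user, collection):
    """Run an ElementTree path against the filtered view, so a query matching
    both allowed and denied nodes returns only the allowed ones."""
    view = filtered_view(doc_xml, user, collection)
    return [] if view is None else [(e.tag, e.text) for e in view.findall(path)]


def lost_on_store(stored_xml, edited_xml, user, collection):
    """Denied elements present in the stored document but missing from what the
    user sends back: a naive overwrite would silently delete them."""
    def count(xml, tag):
        return len(ET.fromstring(xml).findall(".//" + tag))
    lost = {}
    for tag in denied_tags(user, collection):
        diff = count(stored_xml, tag) - count(edited_xml, tag)
        if diff > 0:
            lost[tag] = diff
    return lost
```

A non-empty result from `lost_on_store` is the signal that the server has to merge the hidden nodes back in or reject the write, rather than overwrite the stored document.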
