Discussion:
Access Control for AtomPub
Alistair Miles
2011-01-19 17:51:51 UTC
Hi all,

Apologies for mailing both atom-* lists, I wasn't sure which was the right
forum for this.

With colleagues at the University of Oxford, I've been doing some work on
access control for atompub-based data repositories. We have a vanilla atompub
implementation called AtomBeat, which has a security plugin that supports
fine-grained access control policies via access control lists. There's some
documentation at:

http://code.google.com/p/atombeat/wiki/TutorialAccessControl

I guess I'm emailing because I'd be very interested to hear from anyone
who's done any work on authorization and access control for systems based
on atompub. This stuff isn't easy, and I'd really appreciate any insights
or experience or links to discussions or existing implementation work.

Other relevant work I'm aware of is the work on access control in CMIS [1]
(which I need to study in more detail, haven't fully understood yet), the
various bits of the GData APIs that support access control (e.g., calendar
API [2]), and a discussion of feed access control and licensing on rss-public
from 2006 [3] ... please let me know if I'm missing anything major.

Cheers,

Alistair

[1] http://docs.oasis-open.org/cmis/CMIS/v1.0/os/cmis-spec-v1.0.html
[2] http://code.google.com/apis/calendar/data/2.0/developers_guide_protocol.html#SharingACalendar
[3] http://tech.groups.yahoo.com/group/rss-public/message/724
--
Alistair Miles
Head of Epidemiological Informatics
Centre for Genomics and Global Health <http://cggh.org>
The Wellcome Trust Centre for Human Genetics
Roosevelt Drive
Oxford
OX3 7BN
United Kingdom
Web: http://purl.org/net/aliman
Email: alimanfoo-***@public.gmane.org
Tel: +44 (0)1865 287669
Paul Fremantle
2011-01-19 19:15:03 UTC
WSO2 Governance Registry (http://wso2.org/library/governance-registry)
is an Open Source registry/repository that implements fine-grained
access control for Atom/AtomPub. We use Apache Shindig as the AtomPub
implementation and have added access control.

Paul

--
Paul Fremantle
Co-Founder and CTO, WSO2
Apache Synapse PMC Chair
OASIS WS-RX TC Co-chair

blog: http://pzf.fremantle.org
paul-***@public.gmane.org

"Oxygenating the Web Service Platform", www.wso2.com
Alistair Miles
2011-01-20 09:34:53 UTC
Hi Paul,

Post by Paul Fremantle
> WSO2 Governance Registry (http://wso2.org/library/governance-registry)
> is an Open Source registry/repository that implements fine-grained
> access control for Atom/AtomPub. We use Apache Shindig as the AtomPub
> implementation and have added access control.

Thanks for this. Would you be able to point me at any documentation that
explains how your access control works? That would be much appreciated
(I couldn't find anything with a casual browse).

Also, it's the first I've heard of shindig, so I may be missing something,
but I can't see how you'd use that as an atompub implementation (although I
see the opensocial API has an Atom representation [1], so I guess shindig
must implement that?). Did you mean Apache Abdera?

If you had code that implemented access control for abdera, I'd be very
interested. I haven't heard of anything like that so far, but I don't know
abdera well, so could be missing something.

Thanks,

Alistair

[1] http://www.opensocial.org/Technical-Resources/opensocial-spec-v081/restful-protocol.html
Paul Fremantle
2011-01-20 09:53:09 UTC
Sorry yes. Doh. I've just got back from a long haul trip and I was a
little jetlagged when I wrote that. Yes I do mean Abdera.

I wasn't the developer on the project, but I know the basic scheme.
All the resources in the repository form a single tree. Every part of
the tree can have its own permissions.

http://wso2.org/project/registry/3.5.1/docs/user_guide/resource_ui.html#Permissions

This is implemented via Abdera. However, I don't have the details at
hand. You could ask on carbon-dev-***@public.gmane.org and someone subscribed
there will have the answers!

Paul
