Hi all, Apologies for mailing both atom-* lists, I wasn't sure which was the right forum for this.
With colleagues at the University of Oxford, I've been doing some work on access control for atompub-based data repositories. We have a vanilla atompub implementation called AtomBeat, which has a security plugin that supports fine-grained access control policies via access control lists. There's some documentation at: http://code.google.com/p/atombeat/wiki/TutorialAccessControl I guess I'm emailing because I'd be very interested to hear from anyone who's done any work on authorization and access control for systems based on atompub. This stuff isn't easy, and I'd really appreciate any insights or experience or links to discussions or existing implementation work. Other relevant work I'm aware of is the work on access control in CMIS [1] (which I need to study in more detail, haven't fully understood yet), the various bits of the GData APIs that support access control (e.g., calendar API [2]), and a discussion of feed access control and licensing on rss-public from 2006 [3] ... please let me know if I'm missing anything major. Cheers, Alistair [1] http://docs.oasis-open.org/cmis/CMIS/v1.0/os/cmis-spec-v1.0.html [2] http://code.google.com/apis/calendar/data/2.0/developers_guide_protocol.html#SharingACalendar [3] http://tech.groups.yahoo.com/group/rss-public/message/724 -- Alistair Miles Head of Epidemiological Informatics Centre for Genomics and Global Health <http://cggh.org> The Wellcome Trust Centre for Human Genetics Roosevelt Drive Oxford OX3 7BN United Kingdom Web: http://purl.org/net/aliman Email: [email protected] Tel: +44 (0)1865 287669
