James Holderness wrote:
Thomas Broyer wrote:
atom:rights at feed-level don't apply to its entries, just to the
feed as
it stands. If you want to grant/restrict rights at an entry-level,
use the
entry-level atom:rights.
Ok, I missed that. For some reason I assumed atom:rights was just a
feed-level element (probably thinking of RSS). However, according to
the spec it's perfectly acceptable to use a feed-level rights element
to grant rights at an entry-level (assuming all your entries are meant
to have the same rights).
Yeah, this is something I came up against with the license link rel
extension as well. If you're going to use the rights element, you
really should have it on every individual entry as opposed to the feed
level.
I can understand how an entry-level atom:rights could be presented to
the
end-user, but I can't imagine how it could be done for the feed-level
atom:rights, given that it can change during the feed's "life". The only
solution I can see is to store feed metadata on an atom:source inside
each
entry, so you can ask for the entry-level and feed-level atom:rights for
each entry in your aggregator.
If I'm going to have to deal with rights on a per-entry basis, I think
I'd probably just ignore the concept of feed-level rights. That's not
to say I'd ignore the feed-level element altogether - I'd consider it
a default to be used if there wasn't an atom:rights element at the
entry-level. However, if they're both included I'd ignore the
feed-level element. I don't think that's inconsistent with section
4.2.10 of the spec.
The feed level element should be considered to apply to the feed; the
entry level element should be considered to apply to the entry. For
example, if I produce an aggregated feed containing entries from
multiple locations, I own the copyright on the feed, but the other
authors own the copyrights on the entries. The rights element should
reflect that accordingly.
As for how this applies to the history extension: if the first
document retrieved contained a feed-level atom:rights element, but
documents linked via fh:prev contained no rights (feed-level or
entry-level), I would probably apply the rights from the first
document rather than assigning no rights at all. Of course that's
where the "security flaw" comes in, but perhaps that's my own fault.
I would not make this assumption. Each feed/entry in the history SHOULD
contain it's own rights element. I would not default anything in this case.
- James
