On Thu, Mar 12, 2009 at 9:55 AM, Alexander Klimetschek <aklim...@day.com> wrote:
> On Thu, Mar 12, 2009 at 9:49 AM, Vidar Ramdal <vi...@idium.no> wrote:
>> For the application I'm developing, I have abandoned the ACL concept
>> altogether. Instead, I'm implementing my own access management logic
>> from scratch.
>>
>> I find that in many web applications, a typical ACL concept is not the
>> best solution.
>
> Interesting, could you elaborate? Is this similar to the reasons
> mentioned in a presentation by Zed Shaw (
> http://dev.day.com/microsling/content/blogs/main/theaclisdead.html )?

That was certainly an interesting watch (especially the stripper part).

In my case, it's not that ACLs are too limited. Our access rules are
much simpler than what can be described with ACLs.
And exactly because our rules are simpler, it was just easier to
describe them with a couple of Java classes.

For instance, we have a feature for moderated comments on a webpage.
The rules for comments are simple: Anyone has permission to read
approved comments, and to post new comments. Comments have to be
approved by a moderator before they are readable to everyone. This
implies that the moderator must have read and delete access to all
comments.

Should we implement this with ACLs, we'd have to make sure to set
the correct ACL on every new comment posted. Although the case of
comments is fairly simple, we could have more complex cases where ACLs
would be more complex, and even prone to errors.
It is definitely possible to define these rules with ACLs, but it makes
more sense to implement it with a custom policy. We know that every
comment field should have the same access logic, so why should we have
to copy ACLs to every instance of it? And the sling:resourceType
property already defines a comment field, so why not just hook up a
policy class to respond to those requests?

> In general, if you consider access control during the modeling of your
> content structure and use inheritance of ACLs, it is actually quite
> simple to do. And can be configured by administrators later without
> changing the code.

One of the main goals of the application we're developing is that it
must be dead simple for our users. Our users are NOT computer-savvy in
any way, so they will certainly not be able to grasp the concept of
ACLs. Thus, we'd have to abstract the logic in some
user-understandable manner anyway, and as I've tried to describe, we
think it's easier to describe the rules using Java (or any programming
language, really) than with ACLs.

-- 
Vidar S. Ramdal <vi...@idium.no> - http://www.idium.no
Akersgata 16, N-0158 Oslo, Norway
+47 21 531941, ext 2070
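
Added example, not part of the original message and not Sling or JCR API: one way to express the moderated-comment rules from the message as a policy selected by resource type, with unknown types denied by default. Every name here (`CommentPolicyExample`, `Policy`, `isAllowed`, the `example/comment` type and the `approved` property) is an assumption made for illustration; Java 17 or later is assumed.

```java
import java.util.Map;

// Added illustration: all types and names are hypothetical, not Sling or JCR API.
public class CommentPolicyExample {
    enum Action { READ, CREATE, DELETE, APPROVE }

    // Minimal stand-in for a content resource: its sling:resourceType value and properties.
    record Resource(String resourceType, Map<String, Object> props) {}
    record User(String id, boolean moderator) {}

    interface Policy { boolean allows(User user, Action action, Resource resource); }

    // One rule set for every comment, instead of an ACL copied onto each comment node.
    static final Policy COMMENT = (user, action, resource) -> {
        if (user.moderator()) return true;       // moderators act on all comments
        boolean approved = Boolean.TRUE.equals(resource.props().get("approved"));
        return switch (action) {
            case READ -> approved;               // everyone else sees approved comments only
            case CREATE -> true;                 // anyone may post a new comment
            default -> false;                    // DELETE and APPROVE are moderator-only
        };
    };

    // Policies keyed by resource type; "example/comment" is a constructed type name.
    static final Map<String, Policy> POLICIES = Map.of("example/comment", COMMENT);

    static boolean isAllowed(User user, Action action, Resource resource) {
        Policy policy = POLICIES.get(resource.resourceType());
        // A type with no registered policy is denied rather than silently allowed.
        return policy != null && policy.allows(user, action, resource);
    }

    public static void main(String[] args) {
        User anon = new User("anonymous", false);
        User mod = new User("moderator-1", true);
        // Constructed sample resources.
        Resource pending = new Resource("example/comment", Map.of("approved", false));
        Resource live = new Resource("example/comment", Map.of("approved", true));
        Resource page = new Resource("example/page", Map.of());

        System.out.println("anon READ pending:   " + isAllowed(anon, Action.READ, pending));
        System.out.println("anon READ live:      " + isAllowed(anon, Action.READ, live));
        System.out.println("anon CREATE pending: " + isAllowed(anon, Action.CREATE, pending));
        System.out.println("anon DELETE live:    " + isAllowed(anon, Action.DELETE, live));
        System.out.println("mod DELETE pending:  " + isAllowed(mod, Action.DELETE, pending));
        System.out.println("mod READ page:       " + isAllowed(mod, Action.READ, page));
    }
}
```

With this shape the `approved` flag is itself security-relevant state, so the code that stores a new comment has to set it server-side rather than accept it from the submitted form.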
