On 12 Mar 2009, at 14:17, Vidar Ramdal wrote:

On Thu, Mar 12, 2009 at 9:55 AM, Alexander Klimetschek <aklim...@day.com> wrote:
On Thu, Mar 12, 2009 at 9:49 AM, Vidar Ramdal <vi...@idium.no> wrote:
For the application I'm developing, I have abandoned the ACL concept
altogether. Instead, I'm implementing my own access management logic
from scratch.

I find that in many web applications, a typical ACL concept is not the
best solution.

Interesting, could you elaborate? Is this similar to the reasons
mentioned in a presentation by Zed Shaw (
http://dev.day.com/microsling/content/blogs/main/theaclisdead.html )?

That was certainly an interesting watch (especially the stripper part).

In my case, it's not that ACLs are too limited. Our access rules are
much simpler than what can be described with ACLs.
And exactly because our rules are simpler, it was just easier to
describe them with a couple of Java classes.

I have to agree, having programmatic security is much more useful in a lot of scenarios.

One example is when the security requirements change. If you have a lot of ACLs in a very large repository, it becomes a nightmare to change.

It would be very handy to be able to express permission in terms of scripts, with an appropriate selector mechanism.


--
Torgeir Veimo
torg...@pobox.com



