| Started by | Peter Brooks <peter.h.m.brooks@gmail.com> |
|---|---|
| First post | 2013-05-24 01:18 -0700 |
| Last post | 2013-05-24 12:06 -0700 |
| Articles | 6 — 3 participants |
Using ACLs in JSON Peter Brooks <peter.h.m.brooks@gmail.com> - 2013-05-24 01:18 -0700
RE: Using ACLs in JSON Carlos Nepomuceno <carlosnepomuceno@outlook.com> - 2013-05-24 19:13 +0300
Re: Using ACLs in JSON Peter Brooks <peter.h.m.brooks@gmail.com> - 2013-05-24 12:08 -0700
RE: Using ACLs in JSON Carlos Nepomuceno <carlosnepomuceno@outlook.com> - 2013-05-25 00:12 +0300
Re: Using ACLs in JSON Michael Torrie <torriem@gmail.com> - 2013-05-24 10:42 -0600
Re: Using ACLs in JSON Peter Brooks <peter.h.m.brooks@gmail.com> - 2013-05-24 12:06 -0700
| From | Peter Brooks <peter.h.m.brooks@gmail.com> |
|---|---|
| Date | 2013-05-24 01:18 -0700 |
| Subject | Using ACLs in JSON |
| Message-ID | <6e35fb87-6c6b-4fcc-a99c-199af8b1a4c1@k3g2000vbn.googlegroups.com> |
I'm designing a system that should allow different views to different
audiences. I understand that I can use application logic to control
the access security, but it seems to me that it'd make more sense to
have this documented in the data-stream so that it's data-driven.
I was wondering if there was any standard way of doing this in JSON.
Alternatively, is there a better way of organising this in Python
that's compatible with JSON?
I've put an example of the sort of thing that I mean below. The idea
is that this object is accessible for viewing or deleting by the role
'HR' and available for change only to the owner of the record itself.
In addition, the record can be viewed by those with the role
'manager'. The syntax may be wrong, but I hope that my intention is
reasonably clear.
Is there an existing practice or standard for doing this sort of
thing?
    {
        "title" : "Example Schema",
        "type" : "object",
        "version" : "1.0",
        "properties": {
            "firstname" : {
                "type": "string"
            },
            "lastname" : {
                "type": "string"
            },
            "age" : {
                "description" : "Age in years",
                "type": "integer",
                "minimum": 0
            }
        },
        "ACL-view": ["HR","Manager",["firstname","lastname"]],
        "ACL-change": ["firstname","Lastname"],
        "ACL-delete": ["HR"],
        "required": ["firstname","lastname"]
    }
| From | Carlos Nepomuceno <carlosnepomuceno@outlook.com> |
|---|---|
| Date | 2013-05-24 19:13 +0300 |
| Message-ID | <mailman.2070.1369411998.3114.python-list@python.org> |
| In reply to | #45870 |
Not exactly what you want but you may consider Google ACL XML[1].
If there aren't any system integration restrictions you can do what you think is best... for now.
[1] https://developers.google.com/storage/docs/accesscontrol#applyacls
----------------------------------------
> Date: Fri, 24 May 2013 01:18:06 -0700
> Subject: Using ACLs in JSON
> From: peter.h.m.brooks@gmail.com
> To: python-list@python.org
>
> I'm designing a system that should allow different views to different
> audiences. I understand that I can use application logic to control
> the access security, but it seems to me that it'd make more sense to
> have this documented in the data-stream so that it's data-driven.
>
> I was wondering if there was any standard way of doing this in JSON.
> Alternatively, is there a better way of organising this in Python
> that's compatible with JSON?
>
> I've put an example of the sort of thing that I mean below. The idea
> is that this object is accessible for viewing or deleting by the role
> 'HR' and available for change only to the owner of the record itself.
> In addition, the record can be viewed by those with the role
> 'manager'. The syntax may be wrong, but I hope that my intention is
> reasonably clear.
>
> Is there an existing practice or standard for doing this sort of
> thing?
>
> {
> "title" : "Example Schema",
> "type" : "object",
> "version" : "1.0",
> "properties": {
> "firstname" : {
> "type": "string"
> },
> "lastname" : {
> "type": "string"
> },
> "age" : {
> "description" : "Age in years",
> "type": "integer",
> "minimum": 0
> }
> },
> "ACL-view": ["HR","Manager",["firstname","lastname"]],
> "ACL-change": ["firstname","Lastname"],
> "ACL-delete": ["HR"],
> "required": ["firstname","lastname"]
> }
> --
> http://mail.python.org/mailman/listinfo/python-list
| From | Peter Brooks <peter.h.m.brooks@gmail.com> |
|---|---|
| Date | 2013-05-24 12:08 -0700 |
| Message-ID | <e313c608-a253-4098-a6c8-179e16107185@g9g2000vbl.googlegroups.com> |
| In reply to | #45899 |
On May 24, 6:13 pm, Carlos Nepomuceno <carlosnepomuc...@outlook.com> wrote:
> Not exactly what you want but you may consider Google ACL XML[1].
>
> If there aren't any system integration restrictions you can do what you think is best... for now.
>
> [1]https://developers.google.com/storage/docs/accesscontrol#applyacls
>
Thank you for the reference. I specifically don't want to use XML itself, but I can adapt that to my purpose - great!
| From | Carlos Nepomuceno <carlosnepomuceno@outlook.com> |
|---|---|
| Date | 2013-05-25 00:12 +0300 |
| Message-ID | <mailman.2079.1369430025.3114.python-list@python.org> |
| In reply to | #45910 |
You're welcome! Can you send me whatever you decide is best for your case? I'd like to have an example just in case I have to do that in the future.
I think that approach is gonna become more prevalent in the coming years. ;)
----------------------------------------
> Date: Fri, 24 May 2013 12:08:03 -0700
> Subject: Re: Using ACLs in JSON
> From: peter.h.m.brooks@gmail.com
> To: python-list@python.org
>
> On May 24, 6:13 pm, Carlos Nepomuceno <carlosnepomuc...@outlook.com>
> wrote:
>> Not exactly what you want but you may consider Google ACL XML[1].
>>
>> If there aren't any system integration restrictions you can do what you think is best... for now.
>>
>> [1]https://developers.google.com/storage/docs/accesscontrol#applyacls
>>
> Thank you for the reference. I specifically don't want to use XML
> itself, but I can adapt that to my purpose - great!
> --
> http://mail.python.org/mailman/listinfo/python-list
| From | Michael Torrie <torriem@gmail.com> |
|---|---|
| Date | 2013-05-24 10:42 -0600 |
| Message-ID | <mailman.2071.1369413739.3114.python-list@python.org> |
| In reply to | #45870 |
On 05/24/2013 02:18 AM, Peter Brooks wrote:
> I'm designing a system that should allow different views to different
> audiences. I understand that I can use application logic to control
> the access security, but it seems to me that it'd make more sense to
> have this documented in the data-stream so that it's data-driven.
>
> I was wondering if there was any standard way of doing this in JSON.
> Alternatively, is there a better way of organising this in Python
> that's compatible with JSON?

While I don't understand exactly what you're using JSON for, and nor do I understand the purpose of the JSON structure you posted, I can say that ACLs have nothing to do with JSON.

JSON is simply a data markup format, like HTML, XML, plain text, or an INI file. It's merely data. If you want to restrict who sees what when they request a chunk of data formatted using JSON, then you have to enforce that in the code that's processing the request for data using another mechanism. And that mechanism depends on how your clients ask for JSON data, and what code is serving or generating the JSON data.
| From | Peter Brooks <peter.h.m.brooks@gmail.com> |
|---|---|
| Date | 2013-05-24 12:06 -0700 |
| Message-ID | <6aa18966-3b98-4ec7-926e-11ca012de30a@gb2g2000vbb.googlegroups.com> |
| In reply to | #45901 |
On May 24, 6:42 pm, Michael Torrie <torr...@gmail.com> wrote:
> On 05/24/2013 02:18 AM, Peter Brooks wrote:
>
> > I'm designing a system that should allow different views to different
> > audiences. I understand that I can use application logic to control
> > the access security, but it seems to me that it'd make more sense to
> > have this documented in the data-stream so that it's data-driven.
>
> > I was wondering if there was any standard way of doing this in JSON.
> > Alternatively, is there a better way of organising this in Python
> > that's compatible with JSON?
>
> While I don't understand exactly what you're using JSON for, and nor do
> I understand the purpose of the JSON structure you posted, I can say
> that ACLs have nothing to do with JSON.
>
> JSON is simply a data markup format, like HTML, XML, plain text, or an
> INI file. It's merely data. If you want to restrict who sees what when
> they request a chunk of data formatted using JSON, then you have to
> enforce that in the code that's processing the request for data using
> another mechanism. And that mechanism depends on how your clients ask
> for JSON data, and what code is serving or generating the JSON data.
>
Yes, you're right, I know that. However, I want the permissions embedded in the data so that it's easy to verify, from the data, who has access to which objects. The reason is to enforce transparency of the access rights and to make them easy to grant and change without needing to make any coding changes.

My question was whether anybody had taken a similar approach and found a way that worked well with python or, even better, if there was a standard way of doing this.

If nobody has done this, then I'm happy to invent my own method, but I don't really want to reinvent wheels that might have been nicely designed already.
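
An added example, not part of the original thread and not any poster's code: one way to reconcile the two positions above, with the access rules declared in a JSON document and enforced, default-deny, by the code that serves the record. The policy layout, the role names, the `owner` pseudo-role and all function names are assumptions made for this example.

```python
import json

# Constructed policy document (layout and key names are assumptions).
# Each action maps a role to the fields that role may touch.
POLICY = json.loads("""
{"acl": {
  "view":   {"HR":      ["firstname", "lastname", "age"],
             "Manager": ["firstname", "lastname"],
             "owner":   ["firstname", "lastname", "age"]},
  "change": {"owner":   ["firstname", "lastname"]},
  "delete": {"HR":      ["*"]}
}}
""")

def allowed_fields(policy, action, roles, is_owner=False):
    """Union of fields granted for `action`; unknown actions/roles grant nothing."""
    grants = policy.get("acl", {}).get(action, {})
    # "owner" is derived server-side from the session, never accepted as a
    # caller-supplied role, so it is stripped from `roles` first.
    effective = set(roles) - {"owner"}
    if is_owner:
        effective.add("owner")
    fields = set()
    for role in effective:
        fields.update(grants.get(role, []))
    return fields

def view(policy, record, roles, is_owner=False):
    """Return only the fields the caller may see (empty dict if none)."""
    fields = allowed_fields(policy, "view", roles, is_owner)
    return {k: v for k, v in record.items() if k in fields}

def change(policy, record, updates, roles, is_owner=False):
    """Apply updates only if every touched field is granted, else raise."""
    fields = allowed_fields(policy, "change", roles, is_owner)
    denied = sorted(set(updates) - fields)
    if denied:
        raise PermissionError("change denied for: " + ", ".join(denied))
    return {**record, **updates}

def can_delete(policy, roles, is_owner=False):
    """Deleting a whole record requires the "*" grant."""
    return "*" in allowed_fields(policy, "delete", roles, is_owner)

if __name__ == "__main__":
    rec = {"firstname": "Ada", "lastname": "Example", "age": 41}  # constructed
    print(view(POLICY, rec, ["Manager"]))
    print(view(POLICY, rec, ["Guest"]))
```

The policy is loaded by the server from a source it trusts; a copy of the ACL travelling inside a client-supplied record documents the rules but is never what the check reads.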