Skip to Main Content
Practical Internet Groupware
book

Practical Internet Groupware

by Jon Udell
October 1999
Beginner content levelBeginner
521 pages
15h 28m
English
O'Reilly Media, Inc.
Content preview from Practical Internet Groupware

Attribute-Based Access

Let’s up the ante. Suppose we don’t merely want to allow an undifferentiated group of subscribers to access the ProductAnalysis docbase. Suppose, instead, we want to restrict access based on a relationship between an attribute of a docbase record and an attribute of a subscriber record. Protections applied to directories, files, or scripts won’t suffice.

In the last chapter, we built a notifier that alerts subscribers when a docbase receives new reports about companies in which the docbase subscribers have registered an interest. If we want to use conventional authentication techniques to deny access to reports about companies other than those a subscriber has signed up for, we’d have to materialize nodes in filesystem space for each company, locate HTML files (or file-serving scripts) at each node, and bind a user or group authorization method to each node. You might be able to make this work, but it would be crazy to try—the administrative burden would crush you.

The problem isn’t how authentication is done. Whether you’re using basic authentication or a cookie, as we’ll see later in this chapter, or even a client-side digital ID, the problem is that standard authorization only allows or denies a file or script. It can’t make access-control decisions based on attributes of documents. Authorization is tightly coupled to the filesystem. We’ve got to break that coupling in order to be able to apply basic authentication in a more granular way.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Web Operations

Web Operations

John Allspaw, Jesse Robbins

Publisher Resources

ISBN: 1565925378Catalog PageErrata