Branko Čibej wrote:
> John Peacock wrote:
>>I would assume that the ACL work will likely be implemented as a
>>special form of property, and deal with inheritance in the tree.
> I think you assume too much. That is one possible model for ACL
> implementation, but even that would differ significantly from
> inheritable properties in that you have to be able to modify ACLs on
> historical revisions (e.g., lock most people out from everything older
> than r1524 in path /foo/bar because it contains sensitive information).
An ACL should be associated with a given node (be that directory or file), be
versioned, and have a well-defined inheritance scheme. In a basic sense, the
first two correspond closely to what a property is currently, or am I missing
some deeper meaning. I hadn't considered an ACL being applied back to an
earlier rev, but it still looks like editing an attribute of a given node in the
By "dealing with inheritance" I was thinking more about whether the /server/
would determine the applicable ACL for a given file or whether the /client/
would have to walk the tree. I would think that obviously the former would be
preferrable from a performance (as well as security) standpoint. Once a general
mechanism exists for the server to report derived attributes (based on
information in the tree not associated with the specific file/dir), extending
that to work for both ACL's and other inherited attributes should be much easier.
> The trouble with inheritable properties is that I can't think of an
> efficient way to implement them without fiddling with the FS schema. Not
> saying ideas wouldn't be welcome, of course. Personally, though, they're
> not high on my list for 1.1.
I'm not saying the inheritable properties are that important for 1.1, but if the
ACL stuff goes well, it will hopefully pave the way for other extensions, as
long as the exact scheme to do ACL's is done in a generic fashion. I don't have
any knowledge of the FS schema (at this point). I'm just waving my arms...
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Lanham, MD 20706
To unsubscribe, e-mail: email@example.com
For additional commands, e-mail: firstname.lastname@example.org
Received on Fri Apr 2 00:11:25 2004