
Re: RFC: Subversion security model in need of update

From: Jeremy Whitlock <jcscoobyrs_at_gmail.com>
Date: Thu, 12 Mar 2009 14:34:50 -0600

> I generally think this is a solid analysis. I'm a little concerned about the
> implications of implementing the "can access to some degree paths which have
> a readable child". It seems like this check would only be feasible and
> reasonably efficient if we assume that all read access control is done using
> mechanisms similar to the current "we have a list of all paths with ACL
> stuff set on them in a file" system, whereas one thing I've always liked
> about the svn AVL architecture is that in theory you can rip out any of the
> explicit-file based systems and replace them with something that does a less
> trivial calculation or lookup on the path name at ACL-query time. This new
> model would seem to restrict ACL backends to designs where paths that have
> access changes are explicitly listed.

We achieved this at CollabNet using the same approach as Subversion
(none, read, read/write at a path). If we do this right, there should
be no reason to muck with the syntax of the authz file. We just need
to provide better APIs to answer the more advanced questions. I
mentioned earlier in this thread that during the proof of concept
that Mike talked about, we did this very simply. Knowing only n/r/rw
for a path, you can turn your single question of "Can I access this
path?" into "Can I access this path?", "Can I access this path and
everything below it?" and "Can I access this path and/or anything
below it?". Answering those three questions gives you everything you
need to improve our authorization framework as we are currently
suggesting.

On a related note, using the same three-question system, we were able
to greatly improve our performance for Subversion authorization.
Instead of having to authorize every single path, sometimes you can
circumvent the need to authorize a path based on the answers to
previous authorization questions. (For example, if you know that you
can do the requested action on the path and everything below it, you
can short-circuit the need to ask further questions where the path
is a child.) To give you an example, we went from making 7902
authorization calls in one of our tests to 33 using some advanced
handling of the answers to the 3 questions. That is quite an
improvement.

Long story short, there is no need to make changes to the existing
authz configuration to get what we need, and in making such changes to
Subversion's authz, we also stand a good chance of being able to take
advantage of these changes to improve performance.

-- 
Take care,
Jeremy Whitlock
http://www.thoughtspark.org
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=1314282
Received on 2009-03-12 21:45:56 CET
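The three-question approach and the short-circuiting Jeremy describes, worked through as an added Python example (it is not Subversion's or CollabNet's code). It parses a constructed authz file in Subversion's syntax, answers the three questions from the n/r/rw rules alone, and walks a constructed repository tree twice: once asking "can I read this path?" at every node, and once using questions 2 and 3 to accept or prune whole subtrees. The users, paths, file names and the simplified inheritance model (path sections only; no groups, aliases or repository-qualified sections) are all assumptions of the example.

```python
"""Three-question authz evaluation over a Subversion-style authz file.
Added illustration, not Subversion's or CollabNet's code.  Simplified model:
[path] sections only (no groups, aliases, repo-qualified sections or '~'); a
user entry beats '*' in its section; a section naming neither inherits."""
import configparser

NONE, READ, WRITE = 0, 1, 2
LEVELS = {"": NONE, "r": READ, "rw": WRITE}

# Constructed sample authz file in Subversion's [path] / principal = r|rw syntax.
AUTHZ_TEXT = """
[/]
* = r
alice = rw
[/secret]
* =
bob = r
[/secret/keys]
bob =
carol = rw
[/public/releases]
* = rw
"""

# Constructed repository layout: directory -> child names (a key is a directory).
REPO_TREE = {
    "/": ["public", "secret", "README"],
    "/public": ["releases", "docs"],
    "/secret": ["keys", "notes.txt"],
    "/public/releases": [f"app-1.{i}.tar.gz" for i in range(50)],
    "/public/docs": [f"chapter{i:02d}.txt" for i in range(50)],
    "/secret/keys": [f"host{i:02d}.pem" for i in range(50)],
}

def normalize(path):
    return "/" + path.strip("/")

def parse_authz(text):
    """Return {section_path: {principal: level}} for the [path] sections."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # principal names are case-sensitive
    cp.read_string(text)
    return {normalize(s): {who: LEVELS[val.strip()] for who, val in cp.items(s)}
            for s in cp.sections() if s.startswith("/")}

def access_at(rules, user, path):
    """Effective level at exactly `path`: nearest section naming the user or '*' decides."""
    p = normalize(path)
    while True:
        section = rules.get(p, {})
        if user in section:
            return section[user]
        if "*" in section:
            return section["*"]
        if p == "/":
            return NONE
        p = normalize(p.rsplit("/", 1)[0])

def levels_at_and_below(rules, user, path):
    """Levels at `path` and at every section under it; all other paths below inherit one of these."""
    path = normalize(path)
    prefix = "/" if path == "/" else path + "/"
    below = [s for s in rules if s != path and s.startswith(prefix)]
    return [access_at(rules, user, p) for p in [path] + below]

def can_access(rules, user, path, level=READ):            # question 1
    return access_at(rules, user, path) >= level
def can_access_all_below(rules, user, path, level=READ):  # question 2
    return all(lv >= level for lv in levels_at_and_below(rules, user, path))
def can_access_any_below(rules, user, path, level=READ):  # question 3
    return any(lv >= level for lv in levels_at_and_below(rules, user, path))

def all_nodes(tree, d="/"):
    nodes = {d}
    for child in (normalize(d + "/" + c) for c in tree.get(d, [])):
        nodes |= all_nodes(tree, child) if child in tree else {child}
    return nodes

def readable_paths(rules, tree, user):
    """Paths `user` may read plus the questions asked; questions 2 and 3 accept or prune subtrees."""
    asked, out = 0, set()
    def ask(question, path):
        nonlocal asked
        asked += 1
        return question(rules, user, path)
    def walk(d):
        if ask(can_access_all_below, d):
            out.update(all_nodes(tree, d))    # whole subtree readable: nothing more to ask
        elif ask(can_access_any_below, d):    # else nothing below is readable: prune it
            if ask(can_access, d):
                out.add(d)
            for child in (normalize(d + "/" + c) for c in tree[d]):
                if child in tree:
                    walk(child)
                elif ask(can_access, child):
                    out.add(child)
    walk("/")
    return out, asked

def compare(user):
    """Readable set, questions asked naively (one per node) and with short-circuiting."""
    rules, nodes = parse_authz(AUTHZ_TEXT), all_nodes(REPO_TREE)
    naive = {n for n in nodes if can_access(rules, user, n)}
    fast, asked = readable_paths(rules, REPO_TREE, user)
    assert naive == fast, "both strategies must agree on what is readable"
    return fast, len(nodes), asked

if __name__ == "__main__":
    for who in ("alice", "bob", "carol"):
        paths, slow, quick = compare(who)
        print(f"{who}: {len(paths)} readable, {slow} questions naively, {quick} short-circuited")
```

Run stand-alone, it prints for each constructed user how many of the 158 paths are readable and how many authorization questions each strategy needed (158 naively against 7 to 11 with short-circuiting, the same shape of reduction the mail reports). Question 2 is answerable from the explicit rule list because only a section below a path can lower the effective level there; that is also why this design assumes an authz backend able to enumerate the sections below a given path, the constraint raised in the quoted text.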

This is an archived mail posted to the Subversion Dev mailing list.
