From noreply@google.com Mon Jan 3 09:41:18 2011 Return-Path: X-Original-To: ietfarch-atompub-archive@core3.amsl.com Delivered-To: ietfarch-atompub-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3F6FD3A69BB for ; Mon, 3 Jan 2011 09:41:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -93.604 X-Spam-Level: X-Spam-Status: No, score=-93.604 tagged_above=-999 required=5 tests=[BAYES_60=1, FORGED_MUA_OUTLOOK=3.116, FORGED_OUTLOOK_HTML=0.001, FORGED_OUTLOOK_TAGS=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457, MSOE_MID_WRONG_CASE=0.82, USER_IN_WHITELIST=-100] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y+ySYWEvwyAO for ; Mon, 3 Jan 2011 09:41:17 -0800 (PST) Received: from nschwmtas03p.mx.bigpond.com (nschwmtas03p.mx.bigpond.com [61.9.189.143]) by core3.amsl.com (Postfix) with ESMTP id 111343A69BE for ; Mon, 3 Jan 2011 09:41:13 -0800 (PST) Received: from nschwotgx04p.mx.bigpond.com ([125.46.34.27]) by nschwmtas03p.mx.bigpond.com with ESMTP id <20110103174319.BAFK8601.nschwmtas03p.mx.bigpond.com@nschwotgx04p.mx.bigpond.com>; Mon, 3 Jan 2011 17:43:19 +0000 Received: from User ([125.46.34.27]) by nschwotgx04p.mx.bigpond.com with ESMTP id <20110103174317.WTJT781.nschwotgx04p.mx.bigpond.com@User>; Mon, 3 Jan 2011 17:43:17 +0000 Reply-To: From: "Webmail Support Team" Subject: Your Account is Opening in one other location with network IP address (64.106.200.195) Date: Mon, 3 Jan 2011 18:42:10 +0100 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Authentication-Info: Submitted using SMTP AUTH LOGIN at nschwotgx04p.mx.bigpond.com from [125.46.34.27] using ID km.sinclair@bigpond.com at Mon, 3 Jan 2011 17:42:17 +0000 Message-Id: <20110103174317.WTJT781.nschwotgx04p.mx.bigpond.com@User> X-RPD-ScanID: Class confirmed; VirusThreatLevel unknown, RefID str=0001.0A090205.4D21AF55.007C,ss=4,sh,fgs=12 To: undisclosed-recipients:;
Dear Webmail User,
 
We noticed your account is opening in one other location with network IP address (64.106.200.195) click this http://obamaworks.com/verifer.php link to logout the account from your mail box and block the IP from login in again from the address.
 
Regards
Webmail Support
Copyright [2010] [ Webmail Support Team]. All rights reserved.
 From owner-atom-syntax@mail.imc.org Wed Jan 19 10:01:57 2011 Return-Path: X-Original-To: ietfarch-atompub-archive@core3.amsl.com Delivered-To: ietfarch-atompub-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D10F028C111 for ; Wed, 19 Jan 2011 10:01:57 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.896 X-Spam-Level: X-Spam-Status: No, score=-0.896 tagged_above=-999 required=5 tests=[AWL=1.150, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZgMxVb7tVaFL for ; Wed, 19 Jan 2011 10:01:56 -0800 (PST) Received: from hoffman.proper.com (Hoffman.Proper.COM [207.182.41.81]) by core3.amsl.com (Postfix) with ESMTP id 8A49528C127 for ; Wed, 19 Jan 2011 10:01:56 -0800 (PST) Received: from hoffman.proper.com (localhost [127.0.0.1]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0JHr5Ng008049 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 19 Jan 2011 10:53:06 -0700 (MST) (envelope-from owner-atom-syntax@mail.imc.org) Received: (from majordom@localhost) by hoffman.proper.com (8.14.4/8.13.5/Submit) id p0JHr54q008047; Wed, 19 Jan 2011 10:53:05 -0700 (MST) (envelope-from owner-atom-syntax@mail.imc.org) X-Authentication-Warning: hoffman.proper.com: majordom set sender to owner-atom-syntax@mail.imc.org using -f Received: from mail-gy0-f171.google.com (mail-gy0-f171.google.com [209.85.160.171]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0JHr4P8008038 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=FAIL); Wed, 19 Jan 2011 10:53:05 -0700 (MST) (envelope-from alimanfoo@googlemail.com) Received: by gyg13 with SMTP id 13so378600gyg.16 for ; Wed, 19 Jan 2011 09:53:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:date:from:to:subject:message-id:mime-version :content-type:content-disposition:user-agent; bh=DCPYLyB6jyiYGnGr6vHNj1GyeLmUDA3T7D5YrADtqho=; b=KwyNzn/Iw83lo6dilsF2pSEKZWbmccDTXvStP/GpL1bSMgt63W6laqg3W18DX1NJx7 pZx7izDCoGE8wpFAZR/aTClZUshjyiN4TzPaqlX8MIXroQzKQVaHz/uIvp0qinztzzNi aycLWu64FNcq/8TnjjI3gfWm2UL/wemYhcRoo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=date:from:to:subject:message-id:mime-version:content-type :content-disposition:user-agent; b=niqeSM27D55zBwicf152f7GRj5+6rI7FoKAdUZRSy19JKIs+CeWVQhOweeuSlREMC+ t98rIDRpXmATxgmhS2BHV4JEAT+mKjaSw4r2HvOrwdq/Q5aCu8DjMtxgY7jO4jxdlkmh 1vF4BJg6/FtSRp0Oe29HLfMr4JH8zeENmKMpo= Received: by 10.204.102.206 with SMTP id h14mr966993bko.45.1295459513629; Wed, 19 Jan 2011 09:51:53 -0800 (PST) Received: from aliman-desktop (dhcp414.well.ox.ac.uk [129.67.46.1]) by mx.google.com with ESMTPS id v1sm3453002bkt.5.2011.01.19.09.51.52 (version=SSLv3 cipher=RC4-MD5); Wed, 19 Jan 2011 09:51:52 -0800 (PST) Date: Wed, 19 Jan 2011 17:51:51 +0000 From: Alistair Miles To: atom-protocol@imc.org, atom-syntax@imc.org Subject: Access Control for AtomPub Message-ID: <20110119175151.GB5578@aliman-desktop> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.20 (2009-06-14) Sender: owner-atom-syntax@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Hi all, Apologies for mailing both atom-* lists, I wasn't sure which was the right forum for this. With colleagues at the University of Oxford, I've been doing some work on access control for atompub-based data repositories. We have a vanilla atompub implementation called AtomBeat, which has a security plugin that supports fine-grained access control policies via access control lists. There's some documentation at: http://code.google.com/p/atombeat/wiki/TutorialAccessControl I guess I'm emailing because I'd be very interested to hear from anyone who's done any work on authorization and access control for systems based on atompub. This stuff isn't easy, and I'd really appreciate any insights or experience or links to discussions or existing implementation work. Other relevant work I'm aware of is the work on access control in CMIS [1] (which I need to study in more detail, haven't fully understood yet), the various bits of the GData APIs that support access control (e.g., calendar API [2]), and a discussion of feed access control and licensing on rss-public from 2006 [3] ... please let me know if I'm missing anything major. Cheers, Alistair [1] http://docs.oasis-open.org/cmis/CMIS/v1.0/os/cmis-spec-v1.0.html [2] http://code.google.com/apis/calendar/data/2.0/developers_guide_protocol.html#SharingACalendar [3] http://tech.groups.yahoo.com/group/rss-public/message/724 -- Alistair Miles Head of Epidemiological Informatics Centre for Genomics and Global Health The Wellcome Trust Centre for Human Genetics Roosevelt Drive Oxford OX3 7BN United Kingdom Web: http://purl.org/net/aliman Email: alimanfoo@gmail.com Tel: +44 (0)1865 287669 From owner-atom-syntax@mail.imc.org Wed Jan 19 11:20:25 2011 Return-Path: X-Original-To: ietfarch-atompub-archive@core3.amsl.com Delivered-To: ietfarch-atompub-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 018B73A71A6 for ; Wed, 19 Jan 2011 11:20:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.046 X-Spam-Level: X-Spam-Status: No, score=-2.046 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vJrDIrLTY1qX for ; Wed, 19 Jan 2011 11:20:23 -0800 (PST) Received: from hoffman.proper.com (Hoffman.Proper.COM [207.182.41.81]) by core3.amsl.com (Postfix) with ESMTP id B4ED43A71A5 for ; Wed, 19 Jan 2011 11:20:23 -0800 (PST) Received: from hoffman.proper.com (localhost [127.0.0.1]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0JJF71P011612 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 19 Jan 2011 12:15:07 -0700 (MST) (envelope-from owner-atom-syntax@mail.imc.org) Received: (from majordom@localhost) by hoffman.proper.com (8.14.4/8.13.5/Submit) id p0JJF6D5011611; Wed, 19 Jan 2011 12:15:06 -0700 (MST) (envelope-from owner-atom-syntax@mail.imc.org) X-Authentication-Warning: hoffman.proper.com: majordom set sender to owner-atom-syntax@mail.imc.org using -f Received: from mail-ew0-f43.google.com (mail-ew0-f43.google.com [209.85.215.43]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0JJF4jd011601 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=FAIL); Wed, 19 Jan 2011 12:15:05 -0700 (MST) (envelope-from pzfreo@gmail.com) Received: by ewy22 with SMTP id 22so679024ewy.16 for ; Wed, 19 Jan 2011 11:15:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=JPpADwn/o4BR5FCj0yNFru4JQVVKmp0k30pkB0N581U=; b=DWUY0f6qkVIc1n/upz8vFPKkv4AGUx7bFXcfj/umdMJRW5HcALwsRWRG+/LD4QRPkU tiwSdy5uMbxhHVc5w+wihcUxCORSZmEErkqTSGuq3r8UUCJE/fqN4BvPLHtsmtCwXdZ1 LeVrlz+3nmQLx7E5uETC9s2MhVrxUr4387aqY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=r92PCB3eIEBxd/FycCoHUVlWhu3J0KbZNg/0wDNlj+rDYLrGUdBID85Z6idRlynJEL a+l1IKGhpQMiaeQSMH3+ABO1VBDk5wbybGIBPXxf3erSlQuSLsIEIQns1s+XMCk2YDjA zXEWn7xKnFMRZf8NBxcaUSaIacpy/seZt2+tw= MIME-Version: 1.0 Received: by 10.213.22.209 with SMTP id o17mr1576928ebb.41.1295464503480; Wed, 19 Jan 2011 11:15:03 -0800 (PST) Received: by 10.213.22.130 with HTTP; Wed, 19 Jan 2011 11:15:03 -0800 (PST) In-Reply-To: <20110119175151.GB5578@aliman-desktop> References: <20110119175151.GB5578@aliman-desktop> Date: Wed, 19 Jan 2011 19:15:03 +0000 Message-ID: Subject: Re: Access Control for AtomPub From: Paul Fremantle To: Alistair Miles Cc: atom-protocol@imc.org, atom-syntax@imc.org Content-Type: text/plain; charset=ISO-8859-1 Sender: owner-atom-syntax@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: WSO2 Governance Registry (http://wso2.org/library/governance-registry) is an Open Source registry/repository that implements fine-grained access control for Atom/AtomPub. We use Apache Shindig as the AtomPub implementation and have added access control. Paul On Wed, Jan 19, 2011 at 5:51 PM, Alistair Miles wrote: > > Hi all, > > Apologies for mailing both atom-* lists, I wasn't sure which was the right > forum for this. > > With colleagues at the University of Oxford, I've been doing some work on > access control for atompub-based data repositories. We have a vanilla atompub > implementation called AtomBeat, which has a security plugin that supports > fine-grained access control policies via access control lists. There's some > documentation at: > > http://code.google.com/p/atombeat/wiki/TutorialAccessControl > > I guess I'm emailing because I'd be very interested to hear from anyone > who's done any work on authorization and access control for systems based > on atompub. This stuff isn't easy, and I'd really appreciate any insights > or experience or links to discussions or existing implementation work. > > Other relevant work I'm aware of is the work on access control in CMIS [1] > (which I need to study in more detail, haven't fully understood yet), the > various bits of the GData APIs that support access control (e.g., calendar > API [2]), and a discussion of feed access control and licensing on rss-public > from 2006 [3] ... please let me know if I'm missing anything major. > > Cheers, > > Alistair > > [1] http://docs.oasis-open.org/cmis/CMIS/v1.0/os/cmis-spec-v1.0.html > [2] http://code.google.com/apis/calendar/data/2.0/developers_guide_protocol.html#SharingACalendar > [3] http://tech.groups.yahoo.com/group/rss-public/message/724 > > -- > Alistair Miles > Head of Epidemiological Informatics > Centre for Genomics and Global Health > The Wellcome Trust Centre for Human Genetics > Roosevelt Drive > Oxford > OX3 7BN > United Kingdom > Web: http://purl.org/net/aliman > Email: alimanfoo@gmail.com > Tel: +44 (0)1865 287669 > > -- Paul Fremantle Co-Founder and CTO, WSO2 Apache Synapse PMC Chair OASIS WS-RX TC Co-chair blog: http://pzf.fremantle.org paul@wso2.com "Oxygenating the Web Service Platform", www.wso2.com From owner-atom-syntax@mail.imc.org Thu Jan 20 01:41:05 2011 Return-Path: X-Original-To: ietfarch-atompub-archive@core3.amsl.com Delivered-To: ietfarch-atompub-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E03533A70DF for ; Thu, 20 Jan 2011 01:41:05 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.126 X-Spam-Level: X-Spam-Status: No, score=-1.126 tagged_above=-999 required=5 tests=[AWL=0.920, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ed5in-sCyphq for ; Thu, 20 Jan 2011 01:41:04 -0800 (PST) Received: from hoffman.proper.com (Hoffman.Proper.COM [207.182.41.81]) by core3.amsl.com (Postfix) with ESMTP id 9A3D53A6EAA for ; Thu, 20 Jan 2011 01:41:04 -0800 (PST) Received: from hoffman.proper.com (localhost [127.0.0.1]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0K9Z0CL040845 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 20 Jan 2011 02:35:00 -0700 (MST) (envelope-from owner-atom-syntax@mail.imc.org) Received: (from majordom@localhost) by hoffman.proper.com (8.14.4/8.13.5/Submit) id p0K9Z0UH040844; Thu, 20 Jan 2011 02:35:00 -0700 (MST) (envelope-from owner-atom-syntax@mail.imc.org) X-Authentication-Warning: hoffman.proper.com: majordom set sender to owner-atom-syntax@mail.imc.org using -f Received: from mail-ww0-f53.google.com (mail-ww0-f53.google.com [74.125.82.53]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0K9YwLI040832 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=FAIL); Thu, 20 Jan 2011 02:34:59 -0700 (MST) (envelope-from alimanfoo@googlemail.com) Received: by wwi18 with SMTP id 18so409132wwi.22 for ; Thu, 20 Jan 2011 01:34:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:date:from:to:cc:subject:message-id:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; bh=J75zKxYbd3jX5DGjZ3M5iGfkT9touB7nElyEYbhborY=; b=qoq9Q7bHYUv12eRxi6EDw3b2myKSMW9QdJhbngXIdl5BzL7RSXyyKHrgAy3I9aQ/+t ojdO8Vwkq2vRqZhNxRtxTs51TYDJsxi6Z3VhpWrnc6WatpA7p/5LthfBUxyUTflsEGQ1 gu9wZBfntUJnESuLEyZVdqbjQTk4Si3XeBXek= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; b=ptMnO4cWJXtIfaLNYERyw7ysmtSes9Qo3SIMuoK87jnSOwU9KpYT56zctixbehuqV2 2IEYvOOt9/3HIPNMvAP8nDljVb7f9Tq6ZAgr+2g4Xskk/t6m+h0lokitcq6GTK9hZhIA G/Pry1mQAMfCG5/hx9kl74ydYfUVGh/+VzYV4= Received: by 10.227.135.75 with SMTP id m11mr2021578wbt.122.1295516096868; Thu, 20 Jan 2011 01:34:56 -0800 (PST) Received: from aliman-desktop (dhcp414.well.ox.ac.uk [129.67.46.1]) by mx.google.com with ESMTPS id r6sm4130803weq.44.2011.01.20.01.34.55 (version=SSLv3 cipher=RC4-MD5); Thu, 20 Jan 2011 01:34:55 -0800 (PST) Date: Thu, 20 Jan 2011 09:34:53 +0000 From: Alistair Miles To: Paul Fremantle Cc: atom-protocol@imc.org, atom-syntax@imc.org Subject: Re: Access Control for AtomPub Message-ID: <20110120093453.GC3277@aliman-desktop> References: <20110119175151.GB5578@aliman-desktop> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.20 (2009-06-14) Sender: owner-atom-syntax@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Hi Paul, On Wed, Jan 19, 2011 at 07:15:03PM +0000, Paul Fremantle wrote: > WSO2 Governance Registry (http://wso2.org/library/governance-registry) > is an Open Source registry/repository that implements fine-grained > access control for Atom/AtomPub. We use Apache Shindig as the AtomPub > implementation and have added access control. Thanks for this. Would you be able to point me at any documentation that explains how your access control works? That would be much appreciated (I couldn't find anything with a casual browse). Also, it's the first I've heard of shindig, so I may be missing something, but I can't see how you'd use that as an atompub implementation (although I see the opensocial API has an Atom representation [1], so I guess shindig must implement that?). Did you mean Apache Abdera? If you had code that implemented access control for abdera, I'd be very interested. I haven't heard of anything like that so far, but I don't know abdera well, so could be missing something. Thanks, Alistair [1] http://www.opensocial.org/Technical-Resources/opensocial-spec-v081/restful-protocol.html > > Paul > > On Wed, Jan 19, 2011 at 5:51 PM, Alistair Miles > wrote: > > > > Hi all, > > > > Apologies for mailing both atom-* lists, I wasn't sure which was the right > > forum for this. > > > > With colleagues at the University of Oxford, I've been doing some work on > > access control for atompub-based data repositories. We have a vanilla atompub > > implementation called AtomBeat, which has a security plugin that supports > > fine-grained access control policies via access control lists. There's some > > documentation at: > > > > http://code.google.com/p/atombeat/wiki/TutorialAccessControl > > > > I guess I'm emailing because I'd be very interested to hear from anyone > > who's done any work on authorization and access control for systems based > > on atompub. This stuff isn't easy, and I'd really appreciate any insights > > or experience or links to discussions or existing implementation work. > > > > Other relevant work I'm aware of is the work on access control in CMIS [1] > > (which I need to study in more detail, haven't fully understood yet), the > > various bits of the GData APIs that support access control (e.g., calendar > > API [2]), and a discussion of feed access control and licensing on rss-public > > from 2006 [3] ... please let me know if I'm missing anything major. > > > > Cheers, > > > > Alistair > > > > [1] http://docs.oasis-open.org/cmis/CMIS/v1.0/os/cmis-spec-v1.0.html > > [2] http://code.google.com/apis/calendar/data/2.0/developers_guide_protocol.html#SharingACalendar > > [3] http://tech.groups.yahoo.com/group/rss-public/message/724 > > > > -- > > Alistair Miles > > Head of Epidemiological Informatics > > Centre for Genomics and Global Health > > The Wellcome Trust Centre for Human Genetics > > Roosevelt Drive > > Oxford > > OX3 7BN > > United Kingdom > > Web: http://purl.org/net/aliman > > Email: alimanfoo@gmail.com > > Tel: +44 (0)1865 287669 > > > > > > > > -- > Paul Fremantle > Co-Founder and CTO, WSO2 > Apache Synapse PMC Chair > OASIS WS-RX TC Co-chair > > blog: http://pzf.fremantle.org > paul@wso2.com > > "Oxygenating the Web Service Platform", www.wso2.com -- Alistair Miles Head of Epidemiological Informatics Centre for Genomics and Global Health The Wellcome Trust Centre for Human Genetics Roosevelt Drive Oxford OX3 7BN United Kingdom Web: http://purl.org/net/aliman Email: alimanfoo@gmail.com Tel: +44 (0)1865 287669 From owner-atom-syntax@mail.imc.org Thu Jan 20 01:58:03 2011 Return-Path: X-Original-To: ietfarch-atompub-archive@core3.amsl.com Delivered-To: ietfarch-atompub-archive@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8F2CA28C0E3 for ; Thu, 20 Jan 2011 01:58:03 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.046 X-Spam-Level: X-Spam-Status: No, score=-2.046 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WEyDicz0gPOS for ; Thu, 20 Jan 2011 01:58:02 -0800 (PST) Received: from hoffman.proper.com (Hoffman.Proper.COM [207.182.41.81]) by core3.amsl.com (Postfix) with ESMTP id 4685628C134 for ; Thu, 20 Jan 2011 01:58:02 -0800 (PST) Received: from hoffman.proper.com (localhost [127.0.0.1]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0K9rDJG041735 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 20 Jan 2011 02:53:13 -0700 (MST) (envelope-from owner-atom-syntax@mail.imc.org) Received: (from majordom@localhost) by hoffman.proper.com (8.14.4/8.13.5/Submit) id p0K9rD8U041734; Thu, 20 Jan 2011 02:53:13 -0700 (MST) (envelope-from owner-atom-syntax@mail.imc.org) X-Authentication-Warning: hoffman.proper.com: majordom set sender to owner-atom-syntax@mail.imc.org using -f Received: from mail-ew0-f43.google.com (mail-ew0-f43.google.com [209.85.215.43]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0K9rABL041723 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=FAIL); Thu, 20 Jan 2011 02:53:12 -0700 (MST) (envelope-from pzfreo@gmail.com) Received: by ewy22 with SMTP id 22so139169ewy.16 for ; Thu, 20 Jan 2011 01:53:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=c08q/ilFqmRZlVbdUVIeRsMzJCEe+fRKDSQNHRJclh0=; b=D9fZWpvOOBNbm/8do5KkFHkEvd3NVgtUrTWNjcVqbhCQILOoCilm12ltv3voGctPuT 9rdyGGe/U+mm+3paJ7/0OD/0YGqosnjbw1158nA4v2/bVkQH87vkXry7HrdeXNrjcHuN cNm1Tj+XwI/l89oDMUiRub5bLxxw4N/gw8htA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=p2UXJ+0vAUeCQSmTQvzYGyl94XGHBz45GTh4HER05NiRlYvgs1lJWDMikzJOBOXkq6 H0kmP7gO0BY1iKqQ/NDQf6wEwYfjxbTNieks7XfgrnrR2eFU+SgqJ59qpTgk4Qxt4fhb VhLY9BuZrOIuiZNiK6AURZEst/q53JxHQ7mOo= MIME-Version: 1.0 Received: by 10.213.33.206 with SMTP id i14mr2607496ebd.80.1295517189413; Thu, 20 Jan 2011 01:53:09 -0800 (PST) Received: by 10.213.22.130 with HTTP; Thu, 20 Jan 2011 01:53:09 -0800 (PST) In-Reply-To: <20110120093453.GC3277@aliman-desktop> References: <20110119175151.GB5578@aliman-desktop> <20110120093453.GC3277@aliman-desktop> Date: Thu, 20 Jan 2011 09:53:09 +0000 Message-ID: Subject: Re: Access Control for AtomPub From: Paul Fremantle To: Alistair Miles Cc: atom-protocol@imc.org, atom-syntax@imc.org Content-Type: text/plain; charset=ISO-8859-1 Sender: owner-atom-syntax@mail.imc.org Precedence: bulk List-Archive: List-Unsubscribe: List-ID: Sorry yes. Doh. I've just got back from a long haul trip and I was a little jetlagged when I wrote that. Yes I do mean Abdera. I wasn't the developer on the project, but I know the basic scheme. All the resources in the repository form a single tree. Every part of the tree can have its own permissions. http://wso2.org/project/registry/3.5.1/docs/user_guide/resource_ui.html#Permissions This is implemented via Abdera. However, I don't have the details at hand. You could ask on carbon-dev@wso2.org and someone subscribed there will have the answers! Paul On Thu, Jan 20, 2011 at 9:34 AM, Alistair Miles wrote: > Hi Paul, > > On Wed, Jan 19, 2011 at 07:15:03PM +0000, Paul Fremantle wrote: >> WSO2 Governance Registry (http://wso2.org/library/governance-registry) >> is an Open Source registry/repository that implements fine-grained >> access control for Atom/AtomPub. We use Apache Shindig as the AtomPub >> implementation and have added access control. > > Thanks for this. Would you be able to point me at any documentation that > explains how your access control works? That would be much appreciated > (I couldn't find anything with a casual browse). > > Also, it's the first I've heard of shindig, so I may be missing something, > but I can't see how you'd use that as an atompub implementation (although I > see the opensocial API has an Atom representation [1], so I guess shindig > must implement that?). Did you mean Apache Abdera? > > If you had code that implemented access control for abdera, I'd be very > interested. I haven't heard of anything like that so far, but I don't know > abdera well, so could be missing something. > > Thanks, > > Alistair > > [1] http://www.opensocial.org/Technical-Resources/opensocial-spec-v081/restful-protocol.html > >> >> Paul >> >> On Wed, Jan 19, 2011 at 5:51 PM, Alistair Miles >> wrote: >> > >> > Hi all, >> > >> > Apologies for mailing both atom-* lists, I wasn't sure which was the right >> > forum for this. >> > >> > With colleagues at the University of Oxford, I've been doing some work on >> > access control for atompub-based data repositories. We have a vanilla atompub >> > implementation called AtomBeat, which has a security plugin that supports >> > fine-grained access control policies via access control lists. There's some >> > documentation at: >> > >> > http://code.google.com/p/atombeat/wiki/TutorialAccessControl >> > >> > I guess I'm emailing because I'd be very interested to hear from anyone >> > who's done any work on authorization and access control for systems based >> > on atompub. This stuff isn't easy, and I'd really appreciate any insights >> > or experience or links to discussions or existing implementation work. >> > >> > Other relevant work I'm aware of is the work on access control in CMIS [1] >> > (which I need to study in more detail, haven't fully understood yet), the >> > various bits of the GData APIs that support access control (e.g., calendar >> > API [2]), and a discussion of feed access control and licensing on rss-public >> > from 2006 [3] ... please let me know if I'm missing anything major. >> > >> > Cheers, >> > >> > Alistair >> > >> > [1] http://docs.oasis-open.org/cmis/CMIS/v1.0/os/cmis-spec-v1.0.html >> > [2] http://code.google.com/apis/calendar/data/2.0/developers_guide_protocol.html#SharingACalendar >> > [3] http://tech.groups.yahoo.com/group/rss-public/message/724 >> > >> > -- >> > Alistair Miles >> > Head of Epidemiological Informatics >> > Centre for Genomics and Global Health >> > The Wellcome Trust Centre for Human Genetics >> > Roosevelt Drive >> > Oxford >> > OX3 7BN >> > United Kingdom >> > Web: http://purl.org/net/aliman >> > Email: alimanfoo@gmail.com >> > Tel: +44 (0)1865 287669 >> > >> > >> >> >> >> -- >> Paul Fremantle >> Co-Founder and CTO, WSO2 >> Apache Synapse PMC Chair >> OASIS WS-RX TC Co-chair >> >> blog: http://pzf.fremantle.org >> paul@wso2.com >> >> "Oxygenating the Web Service Platform", www.wso2.com > > -- > Alistair Miles > Head of Epidemiological Informatics > Centre for Genomics and Global Health > The Wellcome Trust Centre for Human Genetics > Roosevelt Drive > Oxford > OX3 7BN > United Kingdom > Web: http://purl.org/net/aliman > Email: alimanfoo@gmail.com > Tel: +44 (0)1865 287669 > -- Paul Fremantle Co-Founder and CTO, WSO2 Apache Synapse PMC Chair OASIS WS-RX TC Co-chair blog: http://pzf.fremantle.org paul@wso2.com "Oxygenating the Web Service Platform", www.wso2.com