Versions Compared

Old Version 10

changes.mady.by.user Aaron Birkland

Saved on

compared with

New Version 11

changes.mady.by.user Bethany Seeger

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents


General Information

A place to record thoughts on the interaction of resource versions and WAC authorization in the context of the Fedora API alignment sprint.

...

https://tools.ietf.org/html/rfc7089#section-7


Design thoughts

Here are a few ways that ACLS and versions of resources might interact.   Ideas and use cases are welcome, especially if you have a certain way in which you might expect ACLs and Versioning to behave.

...

  1. Ignore any ACL on a versioned resource; instead honor the ACL that the Original Resource (LDPRv) has.  Essentially the versioned resource 'inherit' the ACL from the version container (LDPCv). 
    1. If the LDPCv has no ACL - default back to the LDPRv??  Or perhaps the LDPCv points to some sort of default ACL?
    2. This scenario allows for the LDPRv to potentially have a separate ACL from the versions of itself. 
  2. Any versioned resource always has the same ACL as the Original Resource (LDPRv).  In other words, the ACL on the LDPCv always applies to all versions of the resource. If the ACL is changed or updated on the LDPCv, all the versions then have that same change/update.  The ACL would be stored and referenced from the LDPRv (not stored in the versions). 
  3. When a LDPR is versioned, honor the ACL that's on the versioned resource that was there at the time the version was created.
    1.  If the URL of the ACL pointed to never changes, then all the versions will have the same ACL restrictions as the LDPRv. 
    2.  If the URL of the ACL pointed to changes over time, then the versions may have different ACL restrictions, from both each other and the Original Resource.
    3. This scenario gets complicated quickly, especially when an ACL that's on a version, but no longer on the LDPRv, gets removed from the system.  
  4. Version the ACL along with the LDPRv.  
    1. This would be a tricky scenario to work with as an admin would potentially be unable to manage access appropriately. Given that mementos are immutable, the versioned ACLs wouldn't be able to change and an admin would be unable to change authorizations for versions of resources. 

Use Cases


Issues / Concerns:

URIs in LDPRm, and the "multiple parent" problem

...