+ proposed abstraction for WebACLs in webacls.scala webacl
authorAlexandre Bertails <bertails@w3.org>
Fri, 18 Nov 2011 16:15:55 -0500
branchwebacl
changeset 126 ec7f77470ced
parent 125 8080e0e2d0d3
child 127 550497ea4999
+ proposed abstraction for WebACLs in webacls.scala
+ simple specialization in the case of RWW acls
src/main/scala/webacl/RWWacls.scala
src/main/scala/webacl/webacl.scala
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/scala/webacl/RWWacls.scala	Fri Nov 18 16:15:55 2011 -0500
@@ -0,0 +1,9 @@
+package org.w3.webacl
+
+sealed trait RWWAction extends Action
+case object read extends RWWAction
+case object write extends RWWAction
+case object append extends RWWAction
+case object control extends RWWAction
+
+trait RWWAuthorization extends Authorization[RWWAction]
\ No newline at end of file
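Review bot: The case objects `read`, `write`, `append` and `control` start with a lowercase letter, which Scala treats as a variable pattern inside a `match`, so `case read => …` binds any action instead of comparing against the object. In access-control code that makes the first branch of an exhaustive-looking match always win, and the `sealed` exhaustiveness check will not flag it. Rename them `Read`, `Write`, `Append`, `Control`, or document on `RWWAction` that callers must backtick-quote the names in patterns. A one-line Scaladoc on each object stating what the mode permits would also help, since nothing here says whether `write` implies `append`.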
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/scala/webacl/webacl.scala	Fri Nov 18 16:15:55 2011 -0500
@@ -0,0 +1,89 @@
+package org.w3.webacl
+
+import java.net.{URI, URL}
+import scala.util.matching.Regex
+
+trait Authorization[A <: Action] {
+  
+  val agentPolicies: Set[AcceptedAgentPolicy]
+  val actions: Set[A]
+  val accessTo: Set[ResourcePolicy]
+  
+  final def authorized(
+      agent: Agent,
+      action: A,
+      accessedResource: URL): Boolean = {
+    def agentIsConcernedBySomePolicy = agentPolicies exists { _ concerns agent }
+    def knownAction = actions contains action
+    def concernedWebResource = accessTo exists { _ concerns accessedResource }
+    agentIsConcernedBySomePolicy && knownAction && concernedWebResource
+  }
+  
+}
+
+trait AcceptedAgentPolicy {
+  def concerns(agent: Agent): Boolean
+}
+
+/** NORMATIVE Policy that concerns any agent
+  * note: the agent is not challenged
+  */
+case object anybody extends AcceptedAgentPolicy {
+  def concerns(agent: Agent): Boolean = true
+}
+
+/** NORMATIVE Policy that concerns a single agent, identified by its URI
+  */
+case class SingleAgent(uri: URI) extends AcceptedAgentPolicy {
+  def concerns(agent: Agent): Boolean = agent.authenticatedAs == Some(uri)
+}
+
+// TODO policy for a group of agent
+// TODO policy that aggregates other policies
+
+trait Agent {
+  /**
+    * @return the identity of the agent if the authentication challenge is successful
+    */
+  def authenticatedAs: Option[URI]
+}
+
+case class UserPassword(id: URI, user: String, password: String) extends Agent {
+  val authenticatedAs: Option[URI] = Some(id)
+}
+
+case class WebId(url: URL) extends Agent {
+  val authenticatedAs: Option[URI] = Some(url.toURI)
+}
+
+case class BrowserId(email: String) extends Agent {
+  val authenticatedAs: Option[URI] = Some(new URI(email))
+}
+
+trait Action
+
+trait ResourcePolicy {
+  def concerns(url: URL): Boolean
+}
+
+/**
+  * NORMATIVE concerns resources identified by its authoritative representation
+  */
+case class AuthoritativeResource(authoritative: URL) extends ResourcePolicy {
+  def concerns(url: URL): Boolean = authoritative == url
+}
+
+/**
+  * NORMATIVE concerns resources whose (not necessarily direct) parent is parent
+  */
+case class ParentResource(parent: URL) extends ResourcePolicy {
+  def concerns(url: URL): Boolean = url.toString startsWith parent.toString
+}
+
+/**
+  * NORMATIVE concerns resources that match regex
+  */
+case class RegexBasedResource(regex: Regex) extends ResourcePolicy {
+  def concerns(url: URL): Boolean = regex.findFirstIn(url.toString).isDefined
+}
+
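Review bot: `ParentResource.concerns` compares raw strings with `startsWith`, so it accepts URLs outside the parent: with a constructed parent `http://example.org/docs`, the sibling `http://example.org/docs-private/x` passes, and `..` segments are never normalized. Compare normalized forms on a segment boundary, e.g. `val p = parent.toURI.normalize.toString; val u = url.toURI.normalize.toString` followed by `u == p || u.startsWith(if (p.endsWith("/")) p else p + "/")`. `AuthoritativeResource` relies on `java.net.URL` equality, which resolves host names and treats two hosts with the same IP address as equal; `authoritative.toURI == url.toURI` avoids both the blocking lookup and matches across virtual hosts. `RegexBasedResource` uses `findFirstIn`, which matches anywhere in the string including the query part, whereas `regex.pattern.matcher(url.toString).matches` requires the whole URL to match. Separately, `UserPassword`, `WebId` and `BrowserId` set `authenticatedAs` to `Some(...)` unconditionally, so as written `SingleAgent` grants on a claimed identity rather than a verified one; presumably verification happens before construction, which deserves a comment on `Agent`.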