[annotator-dev] Reading about authn and authz

Aron Carroll aron.carroll.lists at gmail.com
Sun Apr 6 23:02:58 UTC 2014

Hey Randall,

Thanks for the article, it was a useful and interesting read.

It looks to me that the current permissions plugin implementation is already very similar to the proposed improvements in the article.

Unless I’m mistaken the two methods in the article: “authorized_userid” and “permits” are equivalent to the “userId”[1] and “userAuthorize”[2] methods respectively.

I agree with the article in that I imagine these two methods provide enough flexibility to implement most types of control mechanism including groups. So, I wonder if the problem lies more in the documentation not being clear in how these different systems could be implemented or even that there is possibly significant work involved for the consumer to implement these hooks.

It would be interesting to see some examples of groups that can’t be implemented currently. That might then help inform the future design choices also. Is there currently such a document?


[1]: http://docs.annotatorjs.org/en/latest/plugins/permissions.html#userid-user
[2]: http://docs.annotatorjs.org/en/latest/plugins/permissions.html#userauthorize-action-annotation-user

On 6 Apr 2014, at 20:26, Randall Leeds <tilgovi at hypothes.is> wrote:

> Talking with Jamie, Liam and Jake at I Annotate just now about groups.
> Jamie raises the issue that it's not easy to implement groups in Annotator and raises the possibility that it's either just poorly documented or not well supported.
> I'm of the opinion that the central issue preventing us from making a useful plugins for these and related purposes is the absence of proper hooks.
> Much of my thinking about what the future should look like is derived from this blog post: http://plope.com/pyramid_auth_design_api_postmortem
> I encourage anyone interested in groups (or any other access control mechanisms) in Annotator check it out.
> If people are interested I can sketch an API proposal for core Annotator to kick off discussion.
> _______________________________________________
> annotator-dev mailing list
> annotator-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/annotator-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/annotator-dev

More information about the annotator-dev mailing list