[annotator-dev] Reading about authn and authz

Randall Leeds tilgovi at hypothes.is
Sun Apr 6 23:18:39 UTC 2014


On Sun, Apr 6, 2014 at 4:02 PM, Aron Carroll
<aron.carroll.lists at gmail.com> wrote:

> Hey Randall,
>
> Thanks for the article, it was a useful and interesting read.
>
> It looks to me that the current permissions plugin implementation is
> already very similar to the proposed improvements in the article.
>
> Unless I'm mistaken the two methods in the article: "authorized_userid"
> and "permits" are equivalent to the "userId"[1] and "userAuthorize"[2]
> methods respectively.
>

+1


>
> I agree with the article in that I imagine these two methods provide
> enough flexibility to implement most types of control mechanism including
> groups. So, I wonder if the problem lies more in the documentation not
> being clear in how these different systems could be implemented or even
> that there is possibly significant work involved for the consumer to
> implement these hooks.
>

I think it may just be documentation. It also might be that we should
expand the userAuthorize function in a backwards-compatible way
by accepting either a userid or an Array of principals.

Then I think we'd more or less have group support for free.
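
An added sketch, not part of the original message and not the Permissions plugin's own code, of the backwards-compatible change suggested above: the check accepts either a single userid or an Array of principals. The annotation shape, the `group:` token prefix, the owner-only fallback and treating an empty token list as deny are assumptions made for illustration.

```javascript
// Added illustration; names and data shapes here are assumptions.

// Normalise the caller's identity argument. A bare userid (the existing
// call style) becomes a one-element list; an Array is used as given.
function toPrincipals(userOrPrincipals) {
  if (userOrPrincipals === null || userOrPrincipals === undefined) return [];
  const list = Array.isArray(userOrPrincipals)
    ? userOrPrincipals
    : [userOrPrincipals];
  // Keep only non-empty strings so a malformed entry can never match a token.
  return list.filter((p) => typeof p === 'string' && p.length > 0);
}

// True when any of the caller's principals appears in the annotation's
// token list for the action. Assumed shape: permissions = { action: [token] }.
function userAuthorize(action, annotation, userOrPrincipals) {
  const principals = toPrincipals(userOrPrincipals);
  const permissions = annotation && annotation.permissions;
  const hasRule = permissions &&
    Object.prototype.hasOwnProperty.call(permissions, action);
  if (!hasRule) {
    // No rule for this action: only the owner may act (assumed fallback).
    const owner = annotation && annotation.user;
    return typeof owner === 'string' && principals.includes(owner);
  }
  const tokens = permissions[action];
  if (!Array.isArray(tokens)) return false; // malformed rule: deny
  return tokens.some((token) => principals.includes(token));
}

// Constructed sample annotation.
const sampleAnnotation = {
  user: 'alice',
  permissions: {
    read: ['alice', 'group:editors'],
    update: ['alice'],
    admin: [],
  },
};

// Old call style (single userid) and new call style (principal list).
console.log(userAuthorize('update', sampleAnnotation, 'alice'));
console.log(userAuthorize('read', sampleAnnotation, ['bob', 'group:editors']));
```

A caller that resolves group membership on the server can pass the user's id together with their group tokens, while existing callers that pass a single userid get the same answer as before.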