[openbiblio-dev] bibserver dao

[Jim Pitman]

> > I think at least initially users should be expected to maintain their own files and BibServer provides a read-only service with its own internal
> > caching of data from upload. There will still be the issue of how to remove data that has been uploaded
> > e.g. in error. How exactly does the user authenticate to show they were the owner or the file with right
> > to remove it?
> Which is why you'll almost certainly need some kind of web user
> interface for editing / deleting etc (even if just used by sysadmins).

I'm not sure that is necessary except in very rare cases. Initially, security issues are easier if only sysadmins have such rights.

> > This sort of thing, and naming of files,  is what makes file upload much more difficult than pulling data from urls.
> > Then, whatever is at the end of the url is the source, and it is harmless if anyone in the world presses a refresh button.
> > If the url returns an error, the local store should not be overwritten. This should happen only of something that looks
> > like bib data has been acquired.
>
> Right. agreed that pulling from urls is the main priority though you will still need to do things like delete a collection taht was
> accidentally imported for example.

Yes. But this is rare enough it could be left to sysadmins for now. I've been running bibserver open to data from any url on the web
for many years and never had a delete request yet.
A way to handle deletions is for url owners to replace their dataset with a BibTeX or BibJSON record with with no records.
They only have to do this once, make a refresh call to bibserver which will delete all their records, and thereafter they could disable the url. 
The bibserver should eventually do something I suppose to clean out empty datasets. But I dont see these causing much trouble. They would
e.g. not be displayed in indexes.
--Jim