Re: [Tracker] Assigning URIs to Resources



Hi Anatoly

On Thu, May 30, 2013 at 6:52 AM, אנטולי קרסנר <tombackton gmail com> wrote:
Hello,


My program consists of two parts:

1) On the lower level, an RDF schema is defined. It's a standard set of
classes and properties, possible extended by users who want more options
(using a definition language translated to RDF).

2) On the high level, the user defines resources using those classes and
properties. 


There's no problem with the lower level, because the data model is
public: Even if a user decides to add new content, she's very welcome to
share it and make other people's apps have more features.

Yes and no. Adding classes and properties is easy but the removal/renaming is complicated:

App A installs ClassA, subclass of CoreA
App B installs PropertyB to ClassA

What happens if App A wants to change its classes? Rename ClassA to ClassA2?

Now we uninstall app A. What do we do with its schema?

Add here changing properties domain or cardinality...
 
 
The problem is
with the second part. In the higher level, the user defines tasks,
meetings, appointments, plans and schedules. These may be private, and
the user may prefer to to have any info in the URI revealing the source
of the information.

Here are two things, security and URI schemes, and they are independent.

RDF is just a graph with no permissions/security in it. The software on top should take care of exposing only the right nodes and edges to the client depending on its permissions. Not a trivial problem.
 

So here are the questions I have on my mind:

1) Which URI scheme should I use? I don't have a website or any web
pages, so using http doesn't make sense. It also doesn't seem to make
sense to use any other standard IANA-registered URI. I've been
considering two options: Use some custom, my own, URI scheme name for
public resources, and use a bare URN for private ones, something like
this:
urn : random_name_i_made_up : some_private_resource_uuid
But I was wondering whether a custom URI scheme is a good decision, I'm
open to hear ideas from you :)

The URI just needs to be a *unique* ID of a resource.

At least in Tracker terms, autogenerated or using your own schema doesn't make any difference.


2) How to hide the private resources? On one hand, it may be very useful
for the URI to tell where a task came from, especially when tasks are
shared and delegated between people. On the other hand, it doesn't
consider privacy. Then I was thinking, can I/should I use two different
URI styles depending on user settings? This would create some
inconsistency. I'm not sure what to do here, since I don't have any
experience with URIs. Hopefully you have some advice for me.

If you use the URI to detect privacy... any client who doesn't honor your pattern will have access to everything.

As a rule of thumb, it is not good to encode information in the URL.

Specifically in Tracker, there is no way to hide "some" resources. There is a database per-user, and anything with user permissions can read/write anything in the store of that user. In other words, either you have access to the graph or you don't.

You could to store those private resources in some different db (internal for your app)... ugly, but blame RDF :)

Regards,

Ivan


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]