1

Closed

Support for resources representing personal state

description

See the RO spec: Discussions > Personal vs Shared State.

Note that the idea of encrypted Oids would cater for this, but it would also be worth considering the pattern described in the spec of a UserId attribute. Another option would be to implement an interface:

public interface IPersonal {
bool IsVisibleToUser(string userName);
}

This has the advantage that the function to determine visibility can process the passed-in userName rather than simply match it. This would also allow the idea that an object might be visible to more than one related person e.g. a Customer and their Agent. Perhaps a better signature would be pass in Principal rather than a user name.
Closed May 9, 2013 at 3:46 PM by RichardPawson
I think this idea has been made redundant by the fact that NOF now supports instance-based authorization.

comments