accumulo-dev mailing list archives

From Josh Elser <josh.el...@gmail.com>
Subject Re: "NOT" operator in visibility string
Date Mon, 10 Mar 2014 17:14:07 GMT
>>> > >
>>> > >This seems very complicated and easy for users to get wrong.
>>> > >
>>> > >
>> >
>> >I agree that this is adding a significant amount of complexity. One option
>> >would be to annotate NOT as advisory, or to specify in the docs that it'd
>> >be up to the application layer to enforce the inclusion of the minimal set.
>> >(then again, that leaves even more room for erroneous implementations)
>> >
> If we are going to do it, I think we should try to come up with a design
> that solves end-to-end use cases. The not op seems useful but also
> dangerous, there is a real possibility of unintended data leakage.  A
> minimal authorization set is a solution.  Are there other solutions? Ones
> that better translate a user's intent into constraints in the system.
>

Another snippet from HBase writeups that caught my eye was the idea of 
supporting both read and write visibilities. What we have right now is 
read, with a bit of write visibilities (using the VisibilityConstraint). 
The downside is that you can't let someone read data without writing to it.

That might be something else to consider as I can see it being a common 
use-case. (although it might merit its own line of work completely)
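
A simplified model of the leakage concern raised in the quoted discussion, as an added example that is not part of the original message or of Accumulo's code. The `not` operator, the tuple expression form, the sample labels, and the `minimal` parameter (one reading of the "minimal authorization set" idea) are assumptions for illustration.

```python
# Toy model of label-based visibility with a hypothetical NOT operator.
# Expressions are nested tuples: "label", ("and", x, y), ("or", x, y), ("not", x).

def visible(expr, auths):
    """Return True if a scan presenting `auths` may read an entry labelled `expr`."""
    if isinstance(expr, str):
        return expr in auths
    op, *args = expr
    if op == "and":
        return all(visible(a, auths) for a in args)
    if op == "or":
        return any(visible(a, auths) for a in args)
    if op == "not":
        # Non-monotonic: presenting FEWER authorizations can satisfy this branch.
        return not visible(args[0], auths)
    raise ValueError(f"unknown operator: {op!r}")

def scan(table, granted, requested, minimal=frozenset()):
    """Return the row ids readable by one scan.

    granted   -- authorizations the user holds
    requested -- the subset the user chose to present for this scan
    minimal   -- assumed design: authorizations the user may never omit
    """
    requested = set(requested)
    if not requested <= set(granted):
        raise PermissionError("requested authorizations exceed granted set")
    missing = set(minimal) - requested
    if missing:
        raise PermissionError(f"scan must include: {sorted(missing)}")
    return [row for row, expr in table if visible(expr, requested)]

# Constructed sample data (labels are made up for this example).
TABLE = [
    ("r1", ("and", "staff", ("not", "contractor"))),
    ("r2", ("or", "staff", "contractor")),
    ("r3", "contractor"),
]
GRANTED = {"staff", "contractor"}
```

Scanning with both authorizations hides `r1`, but the same user scanning with only `staff` reads it; passing `minimal={"contractor"}` rejects that reduced scan.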
