jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: oak-api and move operations
Date Tue, 03 Apr 2012 10:08:13 GMT
hi jukka

> On Tue, Apr 3, 2012 at 11:23 AM, Angela Schreiber<anchela@adobe.com>  wrote:
>> but please be aware that we need to make sure that we need
>> to have a separate layer in place that enforces authorization
>> and prevents direct write operations on the MK from higher
>> levels... or the other way round: if we expose the MK to
>> higher levels we have to move both the complete authentication and
>> authorization process on the MK layer, which would look quite
>> wrong to me.
> The "private branch" concept is just that, "private". Anything written
> to such a branch is not made visible to any other clients, so there
> should be no need to enforce access controls on it.

well... looking at the current oak-jcr i still see
revision = microkernel.commit("", changeLog.toJsop(), revision, "");

this means to me that we still don't have a clear separation
of the different layer as we discussed it multiple times in the

if anyone else that the SPI layer has access to the MK this is just
a completely different setup that requires fundamental changes in
the way we envision the jr3 security concept.

but maybe i just got sidetracked by the current code in relation
to that discussion ... i don't mind having extra stuff on the mk-api
if it fits our needs

kind regards

View raw message