jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Marth <mma...@adobe.com>
Subject Re: Rethinking access control evaluation
Date Mon, 07 Oct 2013 07:59:22 GMT
Hi Jukka,

you are right that the majority of repositories we see (or at least that I see) have few principals
and few ACLs. But as Angela mentioned there is a not-so-small number of cases with a very
large number of principals (>100000, e.g. a public portal or forum) and/or a large number
of ACLs (>50000, e.g. Intranet where ACLs are not hierarchic).
>From my POV it makes sense (as it was suggested on this thread) to optimize for the normal
case (few ACLs) out of the box, but make the ACL evaluation pluggable, so that different strategies
could be used in the different scenarios.


On Oct 5, 2013, at 5:31 AM, Jukka Zitting wrote:

Do we have real-world examples of such ACL-heavy repositories? Do they
also require optimum performance? I'm not aware of any such use cases,
but that of course doesn't mean they don't exist.

If possible I'd rather avoid the extra complexity and go with just a
single strategy that's optimized for the kinds of repositories we
normally see.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message