The Technical Co-Founder

The jm3 guide to achieving technical startup success without losing your soul

AFS-style ACLs for Web Services?

Am I the only one who wants AFS-style ACLs and PTS groups for web services like Flickr, Feed Me Links, etc.? (Or am I just the only one who remembers what ACLs and PTS groups are? :-) PTS groups are ad-hoc, user-defined permission groups, which users can create on the fly without intervention from a sysadmin. PTS groups are to Unix groups what user-defined tags are to top-down taxonomies.

Example:

"create group Friends w/members larry, moe, and curly"

ACLs are access-control lists: a means of granting access to certain users.

Example: "grant full access to group Friends and user joe"

ACLs + PTS groups = a flexible, extensible, and simple means of making sure the right people can get the right resources, and that the wrong people can't. Simply put, they rock. Rather than the default 1 or 2 groups most services (Flickr, FML, Friendster, etc.) provide, what if users had access to completely dynamic groups? And what if those groups supported boolean operations: everyone BUT this person. This group AND that group. Imagine this situation on Flickr: “I want this photo visible only to a certain user Foo.” Or, “I want this photo visible to every user in group Bar except user Blah.” That’s ACLs with PTS groups, the way things could work. So why don’t they?
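The Flickr scenarios above, sketched as an added example (not code from AFS or from any of the services named): user-created groups namespaced `owner:name`, plus ACLs whose negative entries override positive ones, which is how AFS negative rights behave. The class names, the `view` right and the sample users are all hypothetical.

```python
# Added illustration; class names, users, groups and the "view" right are hypothetical.
class GroupStore:
    """User-created groups, namespaced owner:name so no sysadmin is involved."""
    def __init__(self):
        self.members = {}
    def create(self, owner, name, members):
        if ":" in owner or ":" in name:
            raise ValueError("':' is reserved as the owner:group separator")
        key = f"{owner}:{name}"
        self.members[key] = set(members)
        return key

class Acl:
    """Default deny; a matching negative entry overrides any positive one."""
    def __init__(self, groups, owner):
        self.groups, self.owner = groups, owner
        self._allow, self._deny = [], []  # entries: (right, principals)

    def grant(self, right, *all_of):
        self._allow.append((right, all_of))  # user must match every principal (AND)

    def deny(self, right, *all_of):
        self._deny.append((right, all_of))

    def _matches(self, principal, user):
        if ":" in principal:  # owner:name is a group, anything else a user name
            return user in self.groups.members.get(principal, ())
        return principal == user

    def _hit(self, entries, user, right):
        return any(r == right and all(self._matches(p, user) for p in ps)
                   for r, ps in entries)

    def check(self, user, right):  # assumption: the owner always keeps access
        return user == self.owner or (
            not self._hit(self._deny, user, right) and self._hit(self._allow, user, right))

def demo():
    groups = GroupStore()
    bar = groups.create("jm3", "Bar", ["foo", "blah", "moe"])
    friends = groups.create("jm3", "Friends", ["larry", "moe", "curly"])
    only_foo = Acl(groups, "jm3")      # "visible only to a certain user Foo"
    only_foo.grant("view", "foo")
    bar_not_blah = Acl(groups, "jm3")  # "every user in group Bar except user Blah"
    bar_not_blah.grant("view", bar)
    bar_not_blah.deny("view", "blah")
    both = Acl(groups, "jm3")          # "this group AND that group"
    both.grant("view", bar, friends)
    return only_foo, bar_not_blah, both
```

Evaluating the deny list before the allow list is what makes "everyone BUT this person" safe: adding Blah to another granted group later cannot quietly restore access.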
