Using ACLs in JSON
Michael Torrie
torriem at gmail.com
Fri May 24 12:42:04 EDT 2013
On 05/24/2013 02:18 AM, Peter Brooks wrote:
> I'm designing a system that should allow different views to different
> audiences. I understand that I can use application logic to control
> the access security, but it seems to me that it'd make more sense to
> have this documented in the data-stream so that it's data-driven.
>
> I was wondering if there was any standard way of doing this in JSON.
> Alternatively, is there a better way of organising this in Python
> that's compatible with JSON?
While I don't understand exactly what you're using JSON for, and nor do
I understand the purpose of the JSON structure you posted, I can say
that ACLs have nothing to do with JSON.
JSON is simply a data markup format, like HTML, XML, plain text, or an
INI file. It's merely data. If you want to restrict who sees what when
they request a chunk of data formatted using JSON, then you have to
enforce that in the code that's processing the request for data using
another mechanism. And that mechanism depends on how your clients ask
for JSON data, and what code is serving or generating the JSON data.
More information about the Python-list
mailing list