atomicdata-dev / atomic-data-docs

Atomic Data is a specification to make it easier to exchange data.
https://docs.atomicdata.dev
MIT License

Limit usage of server - agents should not be allowed to create huge sub-trees #111

Open joepio opened 2 years ago

joepio commented 2 years ago

I was working on the implementation of the Append right (#96) as I tried to solve the problem mentioned in the title.

Imagine a user who creates a Message in a Chatroom. We want the user to be able to edit this message, and post to the chatroom, but we don't want the user to be able to create all sorts of other resources below that chat message. If we give them write rights anywhere, they will be able to create pretty much everything. That is fine if they host their own server, but some servers will want to limit what users can actually do. A Chat server may want to prevent malicious agents from spamming their server, or using the server for private / unrelated things.

We can solve this problem in various ways:

Rate limiting

At some point in the tree, or in the server, we limit how many items a user may post.

The number of interactions is highly dependent on the domain.

Sometimes, we want to do this on a resource level. In a chat room, for example, we may want a maximum of 10 messages per minute, or 100 per hour. In a survey or a vote event, we want a maximum of 1 per agent.

Calculate & limit size used

The server can store a list of Resources / Propvals or even Bytes that an Agent is using on a server.

Prevent sub-trees by making sure users can't set write rights on child resources

The write right is very powerful, as it grants edit + delete + create rights from one point in a tree. We should probably use this with caution, and perhaps use a different right in many contexts. We're already working on the #96 append right, which only allows creating new resources. We're also considering constraining this right by Classes (allowsOnly), so users can, for example, only append new Messages in a Chat app, and cannot create BlogPosts. We can also very strictly interpret this as: we only allow properties that are explicitly mentioned in this Class (required and recommended). You can't add custom properties, which probably also includes write.
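
The checks discussed in the comment above (append right, an allowsOnly class list, the strict property interpretation, and a per-resource cap), combined into one server-side decision. This is an added example, not part of the original issue and not the project's code; the types, the `check_append` function, the `ex:` identifiers and the cap value are all hypothetical.

```rust
use std::collections::HashSet;

// Hypothetical, simplified types for this example; not taken from the Atomic Data spec.
struct Class { url: &'static str, requires: Vec<&'static str>, recommends: Vec<&'static str> }

struct Parent {
    append: HashSet<&'static str>, // agents holding the append right on this resource
    allows_only: Vec<Class>,       // classes that may be appended here
    max_per_agent: usize,          // per-resource cap, e.g. 1 for a vote
}

#[derive(Debug, PartialEq)]
enum Denied { NoAppendRight, ClassNotAllowed, PropertyNotInClass(String), MissingRequired(String), LimitReached }

/// Decide whether `agent` may create a child of class `class_url` carrying `props`
/// under `parent`. `existing` counts children this agent already created there.
fn check_append(parent: &Parent, agent: &str, class_url: &str,
                props: &[&'static str], existing: usize) -> Result<(), Denied> {
    if !parent.append.contains(agent) { return Err(Denied::NoAppendRight); }
    let class = parent.allows_only.iter().find(|c| c.url == class_url)
        .ok_or(Denied::ClassNotAllowed)?;
    // Strict reading: only properties the class names are accepted, so a
    // custom `write` property (a new sub-tree root) is rejected.
    for p in props {
        if !class.requires.contains(p) && !class.recommends.contains(p) {
            return Err(Denied::PropertyNotInClass(p.to_string()));
        }
    }
    for r in &class.requires {
        if !props.contains(r) { return Err(Denied::MissingRequired(r.to_string())); }
    }
    if existing >= parent.max_per_agent { return Err(Denied::LimitReached); }
    Ok(())
}

// Constructed sample data: a chat room that accepts only Message children.
fn chatroom() -> Parent {
    let message = Class { url: "ex:Message", requires: vec!["ex:text"], recommends: vec!["ex:replyTo"] };
    Parent { append: HashSet::from(["ex:alice"]), allows_only: vec![message], max_per_agent: 100 }
}

fn main() {
    let room = chatroom();
    println!("{:?}", check_append(&room, "ex:alice", "ex:Message", &["ex:text"], 0));
    println!("{:?}", check_append(&room, "ex:alice", "ex:Message", &["ex:text", "ex:write"], 0));
    println!("{:?}", check_append(&room, "ex:alice", "ex:BlogPost", &["ex:text"], 0));
}
```

The cap here is a plain count per agent per parent; a time-windowed limit such as 10 messages per minute would need timestamps on the counted children.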