This is an overall issue I just encounter in editserv.
Right now, endpoints are secured in bdrc-auth-policies (https://github.com/buda-base/bdrc-auth-policies/blob/master/policies.ttl) on the basis of their path and eventually (not implemented yet) the appId (ldspdi, iiifserv, etc...), along with group, permission and role.
However, we have cases where a same path (for instances /tasks in edit serv) is used in the same application with different HTTP methods (GET, POST, PUT), these being the sole observable difference in between /tasks services).
We have to find a way to address that issue, an obvious one being to add a auth:httpmethod property to the Endpoint object in auth Ontology. WDYT ?
eroux
commented
4 years ago
This is an overall issue I just encounter in editserv. Right now, endpoints are secured in bdrc-auth-policies (https://github.com/buda-base/bdrc-auth-policies/blob/master/policies.ttl) on the basis of their path and eventually (not implemented yet) the appId (ldspdi, iiifserv, etc...), along with group, permission and role. However, we have cases where a same path (for instances /tasks in edit serv) is used in the same application with different HTTP methods (GET, POST, PUT), these being the sole observable difference in between /tasks services). We have to find a way to address that issue, an obvious one being to add a auth:httpmethod property to the Endpoint object in auth Ontology. WDYT ?