Re: [higgins-dev] CUID re-use (was something else)

[Greg Byrd <gbyrd@xxxxxxxx>]

In what scenario is the CUID of an IDigitalSubject used to grant 
permissions?

I am sure there are cases in which the recycling of CUIDs would be a bad 
thing -- e.g., public, long-lived Contexts with inter-subject 
relationships.  But I believe there are other cases in which it's not 
important at all -- e.g., an enrollment list, where the CUID is the 
student's assigned seat number.

My point is that requiring it to be true of all Contexts is overkill.  
We can certainly strongly suggest it as a good practice, but ultimately 
it's the Context implementer that decides whether it's worth the bother.




Jim Sermersheim wrote:
> >>> Greg Byrd gbyrd@xxxxxxxx> 8/15/06 2:12 PM >> 
> <mailto:gbyrd@xxxxxxxx%3E%208/15/06%202:12%20PM%20%3E%3E>
> <snip>
> >Can a Context reuse the CUID of a DigitalSubject that has been removed? 
> >If so, then we can't assume that today's URI+CUID will refer to the same
> >DigitalSubject as tomorrow's.  But to say that a CUID can't be recycled
> >seems too restrictive to me.
> In practice, I feel fairly strongly to the contrary. Where a CUID is 
> used to grant permissions to a resource, the recycling of a CUID is a 
> bad thing. For example: a superuser account is created and issued a 
> cuid. This cuid is listed as a subject being granted permissions 
> (maybe directly on a resource, maybe in a role object, but somewhere 
> other than on the superuser's object itself). The superuser object is 
> removed and its cuid re-used when an ordinary-joe object is created, 
> and now ordinary-joe has unexpected permissions.
>  
> Whether that means we should go about prescribing the non re-usability 
> of CUIDs, I don't know -- we should at least strongly suggest against it.
>  
> Jim
> ------------------------------------------------------------------------
>
> _______________________________________________
> higgins-dev mailing list
> higgins-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/higgins-dev
>