[Cosmo-dev] JSON-RPC considered harmful
Brian Moseley
bcm at osafoundation.org
Tue Dec 5 23:23:38 PST 2006
On 12/5/06, Randy Letness <randy at osafoundation.org> wrote:
> I guess I was thinking about implementing a new
> TicketProcessingFilter/AuthenticationProvicer that ignores path...just
> validates that the ticket exists and use that for RPC requests, but that
> may be more work than its worth.
tickets don't exist in a void - they are granted on resources. you
need a resource path or item uid in order to look up the item to see
if the ticket is granted for that item or any of its ancestors.
More information about the cosmo-dev
mailing list