[Cosmo-dev] securing access to items in multiple collections

Brian Moseley bcm at osafoundation.org
Thu Sep 27 16:58:37 PDT 2007


On 9/27/07, Randy Letness <randy at osafoundation.org> wrote:

> We felt the best way to fix this in the short term was to add a list of
> tickets (probably as a http header) to each morse-code publish/update
> and the server will use those tickets to verify that a user has write
> access (either because they own the item or because one of the tickets
> provided allows access) to an item before adding that item to their
> collection.

actually, i think we want to send a ticket in the republished item's
recordset. it's ok if the same ticket is sent for more than one item.
this lets us apply access control as tightly as possible.

> This will require the client to keep track of which items were imported
> using a ticket, associate a ticket to an item, and generate a list of
> relevant tickets to include in the morse code request to prevent the
> server from rejecting a publish/update due to not being properly
> authorized.  There are some other details that we would need to hash out
> (when and where to include tickets, what is the user experience if the
> request is denied, etc).

most importantly, we'd have to figure out how to communicate back to
the client that one set of items was successfully published and
another set failed (including details about the failure). this is
required in case the wrong ticket is somehow sent for an item, or if
no ticket is sent at all.
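
As an added illustration of the per-item check and the split success/failure result discussed above (this is not Cosmo's own code; the record shape, the ticket table and the privilege names are assumptions made here):

```python
# Constructed sample data: who owns each item, and which tickets exist.
# Each ticket is scoped to one item and carries a set of privileges.
ITEM_OWNERS = {"item-1": "alice", "item-2": "bob", "item-3": "bob",
               "item-4": "bob", "item-5": "bob"}
TICKETS = {
    "tkt-rw-2": {"item": "item-2", "privileges": {"read", "write"}},
    "tkt-ro-3": {"item": "item-3", "privileges": {"read"}},
}


def can_write(user, item_uid, ticket_key):
    """Owner may always write; otherwise the ticket sent with this item's
    records must name this item and grant write. Returns (ok, reason)."""
    if ITEM_OWNERS.get(item_uid) == user:
        return True, "owner"
    if ticket_key is None:
        return False, "no ticket supplied and caller is not the owner"
    ticket = TICKETS.get(ticket_key)
    if ticket is None:
        return False, "unknown ticket %r" % ticket_key
    if ticket["item"] != item_uid:
        return False, "ticket %r is not for item %r" % (ticket_key, item_uid)
    if "write" not in ticket["privileges"]:
        return False, "ticket %r grants no write privilege" % ticket_key
    return True, "ticket %r" % ticket_key


def publish(user, records):
    """Check every record independently (the ticket travels with the item's
    recordset), and report which items were published and which failed,
    with the reason for each failure, instead of rejecting the whole request."""
    published, failed = [], {}
    for rec in records:  # rec: {"uid": ..., "ticket": optional key}
        ok, why = can_write(user, rec["uid"], rec.get("ticket"))
        if ok:
            published.append(rec["uid"])
        else:
            failed[rec["uid"]] = why
    return {"published": published, "failed": failed}
```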

